On 6/17/11 10:53 AM, kim Doff wrote:
Hello,
I have PowerDNS Authoritative Server 2.9.22 on CentOS 5.5 32-bit.
I do not allow external recursion but I have had a brutal mass-attack
from China and Romania. It is a "recursion was desired" attack.
Does anyone know how to configure fail2ban to protect port 53?
Is there a tutorial for that? I am a newbie.
I tried with iptables but I need something that automatically
blocks IPs.
Best Regards,
Kim
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
In /etc/fail2ban/filter.d/pdns.conf:
======
[Definition]
failregex = pdns(?:\[\d{1,5}\])?: Received a malformed qdomain from <HOST>
ignoreregex =
======
You'll need to change it to match your log line. Then, add the proper
lines in jail.[conf,local] and it should work.
jail.conf:
========
[pdns-qdomain]
enabled = true
#port = domain,8053
protocol = udp
filter = pdns
logpath = /var/log/daemon.log
bantime = 259200
maxretry = 2
========
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
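
A way to check the posted failregex against your own log lines before enabling the jail, as an added example that is not part of the original post. The `<HOST>` substitution is a simplified IPv4-only stand-in for fail2ban's own expansion, the function names are hypothetical, and the log lines are constructed samples.

```python
import re
from collections import defaultdict

# failregex and maxretry exactly as posted in the filter and jail above.
FAILREGEX = r"pdns(?:\[\d{1,5}\])?: Received a malformed qdomain from <HOST>"
MAXRETRY = 2

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample lines using documentation addresses, not real server output.
SAMPLE_LOG = [
    "Jun 17 10:50:01 ns1 pdns[2211]: Received a malformed qdomain from 192.0.2.10, 'x': sending servfail",
    "Jun 17 10:50:02 ns1 pdns[2211]: Received a malformed qdomain from 192.0.2.10, 'y': sending servfail",
    "Jun 17 10:50:03 ns1 pdns[2211]: Received a malformed qdomain from 198.51.100.7, 'z': sending servfail",
    "Jun 17 10:50:04 ns1 pdns: Received a malformed qdomain from 203.0.113.5, 'q': sending servfail",
    "Jun 17 10:50:05 ns1 pdns[2211]: Not authoritative for 'example.net', sending servfail to 192.0.2.10 (recursion was desired)",
]


def compile_failregex(failregex):
    """Turn a fail2ban-style failregex into a Python regex with a 'host' group."""
    if "<HOST>" not in failregex:
        raise ValueError("failregex must contain <HOST>")
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def hosts_to_ban(lines, failregex=FAILREGEX, maxretry=MAXRETRY):
    """Return (hosts with >= maxretry hits, lines the filter did not match).
    Counts over the whole input; fail2ban only counts hits inside findtime."""
    pattern = compile_failregex(failregex)
    hits, missed = defaultdict(int), []
    for line in lines:
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
        else:
            missed.append(line)
    banned = sorted(h for h, n in hits.items() if n >= maxretry)
    return banned, missed


if __name__ == "__main__":
    banned, missed = hosts_to_ban(SAMPLE_LOG)
    print("would ban:", banned)
    for line in missed:
        print("not matched, needs its own failregex:", line)
```

The last sample line is not matched by the posted filter, which is the case the reply warns about when it says to adapt the regex to your log line. On a host with fail2ban installed, `fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/pdns.conf` runs the real matcher against the real log.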