[Fail2ban-users] IPSETD-NG MySQL
Hello. Looking in a way to share banned ips to multiple servers I've thought about using ipset-ng witch stores ipsets in DB. I've implemented banning using simple ipset. Now I've found this page: http://ipset-ng.pick-nik.ru/en/doc/IPSETD-NG-DRIVER-mysql I know this is not related to fail2 ban, but in community opinion: is this a good way to share the ban set? -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
[Fail2ban-users] Error 2 before a ban.
Hi all, I’m hoping someone can answer the following error query I have. I am running Fail2Ban v0.9.6 on CentOS Linux release 7.3.1611 (Core) In the fail2ban log I see a lot (depending on the connection attempts in a second or two). Error 2 as below. 2017-08-10 18:10:07,000 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for #mine: [Errno -2] Name or service not known 2017-08-10 18:10:07,044 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for is: [Errno -2] Name or service not known 2017-08-10 18:10:07,108 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for always: [Errno -2] Name or service not known 2017-08-10 18:10:07,132 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for last: [Errno -2] Name or service not known 2017-08-10 18:10:07,156 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for in: [Errno -2] Name or service not known 2017-08-10 18:10:07,199 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for the: [Errno -2] Name or service not known 2017-08-10 18:10:07,218 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for list: [Errno -2] Name or service not known 2017-08-10 18:10:07,218 fail2ban.filter [22850]: INFO [sasl-iptables] Found 213.141.81.24 2017-08-10 18:10:07,645 fail2ban.actions[22850]: NOTICE [sasl-iptables] Ban 213.141.81.24 this seems to happen every time someone tried to connect, before it shows the warning and then the ban. Any ideas or suggestions appreciated. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
[Fail2ban-users] CentOS 5.10 and Fail2ban version:0.8.14-1.el5 stopped blocking IPs after Server reboot
Hi Guys, Sorry for the noise, just wondered if anyone had a similar issue to this. Our server was rebooted, and since that point fail2ban wont work correctly. We have an Asterisk server we are trying to stop REGISTERATION attempts which are fraudulent, and use this rule in jail.conf; [asterisk] enabled = true filter = asterisk action = iptables=multiport[name=asterisk-tcp, port="5060", protocol=tcp] iptables-multiport[name=asterisk-udp, port="5060", protocol=udp] logpath = /var/log/asterisk/messages maxretry = 3 The associated filter when testing the regex provides matches with the criteria(no errors), however we simply dont see any entries into IPtables. Timestamps/ NTP are all in Sync so was wondering if any one had any further ideas? As debug not showing anything. Thanks Jon -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Re: [Fail2ban-users] Error 2 before a ban.
Looks like you have a bad filter. Odd that those errors say: #mine is always last in the list Did you change a filter? Post it. this seems to happen every time someone tried to connect, before it shows the warning and then the ban. Connect how? IMAP, POP3, SMTP? Bill On 8/10/2017 2:31 PM, Steve Rowe via Fail2ban-users wrote: Hi all, I’m hoping someone can answer the following error query I have. I am running Fail2Ban v0.9.6 on CentOS Linux release 7.3.1611 (Core) In the fail2ban log I see a lot (depending on the connection attempts in a second or two). Error 2 as below. 2017-08-10 18:10:07,000 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for #mine: [Errno -2] Name or service not known 2017-08-10 18:10:07,044 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for is: [Errno -2] Name or service not known 2017-08-10 18:10:07,108 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for always: [Errno -2] Name or service not known 2017-08-10 18:10:07,132 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for last: [Errno -2] Name or service not known 2017-08-10 18:10:07,156 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for in: [Errno -2] Name or service not known 2017-08-10 18:10:07,199 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for the: [Errno -2] Name or service not known 2017-08-10 18:10:07,218 fail2ban.filter [22850]: WARNING Unable to find a corresponding IP address for list: [Errno -2] Name or service not known 2017-08-10 18:10:07,218 fail2ban.filter [22850]: INFO [sasl-iptables] Found 213.141.81.24 2017-08-10 18:10:07,645 fail2ban.actions[22850]: NOTICE [sasl-iptables] Ban 213.141.81.24 this seems to happen every time someone tried to connect, before it shows the warning and then the ban. Any ideas or suggestions appreciated. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Re: [Fail2ban-users] CentOS 5.10 and Fail2ban version:0.8.14-1.el5 stopped blocking IPs after Server reboot
I would think: action = iptables=multiport[name=asterisk-tcp, port="5060", protocol=tcp] should be: action = iptables-multiport[name=asterisk-tcp, port="5060", protocol=tcp] Note the dash instead of the equals sign in iptables-multiport Bill On 8/10/2017 3:24 PM, Jonathan Hunter wrote: Hi Guys, Sorry for the noise, just wondered if anyone had a similar issue to this. Our server was rebooted, and since that point fail2ban wont work correctly. We have an Asterisk server we are trying to stop REGISTERATION attempts which are fraudulent, and use this rule in jail.conf; [asterisk] enabled = true filter = asterisk action = iptables=multiport[name=asterisk-tcp, port="5060", protocol=tcp] iptables-multiport[name=asterisk-udp, port="5060", protocol=udp] logpath = /var/log/asterisk/messages maxretry = 3 The associated filter when testing the regex provides matches with the criteria(no errors), however we simply dont see any entries into IPtables. Timestamps/ NTP are all in Sync so was wondering if any one had any further ideas? As debug not showing anything. Thanks Jon -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users