Re: [CentOS] fail2ban behavior

2010-08-09 Thread JohnS
On Mon, 2010-08-09 at 00:38 +, Joseph L. Casale wrote: I created a filter and verified it with fail2ban-regex against actual lines in my log and it works. During restarts of fail2ban, only some previous IPs get banned immediately whereas some need a reoccurrence despite the jail's config

Re: [CentOS] fail2ban behavior

2010-08-09 Thread Joseph L. Casale
Stop it at the Edge Router not the machine. Fair enough, but now I have to manually scour the logs and maintain a dynamic block list? Adding layers of security become problems like you are getting. I agree, and if my edge router had the functionality to inspect http requests I would:) Ban the

Re: [CentOS] fail2ban behavior

2010-08-09 Thread JohnS
On Mon, 2010-08-09 at 13:58 +, Joseph L. Casale wrote: ? That's what fail2ban is set up to do, as the email suggested it's not restoring bans correctly on restarts. --- http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal Question about persistant IP bans over restart I

Re: [CentOS] fail2ban behavior

2010-08-09 Thread Joseph L. Casale
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal Question about persistant IP bans over restart I think you need to adapt the example to CentOS/RH Yeah, I saw that one and implemented it. I think I have to rewrite the action scripts my jails use. The odd part is the initial

Re: [CentOS] fail2ban behavior

2010-08-09 Thread JohnS
On Mon, 2010-08-09 at 15:29 +, Joseph L. Casale wrote: http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal Question about persistant IP bans over restart I think you need to adapt the example to CentOS/RH Yeah, I saw that one and implemented it. I think I have to rewrite

Re: [CentOS] fail2ban behavior

2010-08-09 Thread JohnS
On Mon, 2010-08-09 at 13:58 +, Joseph L. Casale wrote: I agree, and if my edge router had the functionality to inspect http requests I would :) --- Ahh, so is it really http requests you want to stop? John

Re: [CentOS] fail2ban behavior

2010-08-09 Thread Joseph L. Casale
Or block all networks like China, Japan, India and so on. Can get these from ICANN. Actually, that might just be enough, I know this site won't need access from other than NA addresses which is an easy rule to build permanently. Thanks, jlc

Re: [CentOS] fail2ban behavior

2010-08-09 Thread JohnS
On Mon, 2010-08-09 at 16:05 +, Joseph L. Casale wrote: Or block all networks like China, Japan, India and so on. Can get these from ICANN. Actually, that might just be enough, I know this site won't need access from other than NA addresses which is an easy rule to build permanently. ---

Re: [CentOS] fail2ban behavior

2010-08-09 Thread JohnS
On Mon, 2010-08-09 at 12:12 -0400, JohnS wrote: On Mon, 2010-08-09 at 16:05 +, Joseph L. Casale wrote: Or block all networks like China, Japan, India and so on. Can get these from ICANN. Actually, that might just be enough, I know this site won't need access from other than NA

[CentOS] fail2ban behavior

2010-08-08 Thread Joseph L. Casale
I created a filter and verified it with fail2ban-regex against actual lines in my log and it works. During restarts of fail2ban, only some previous IPs get banned immediately whereas some need a reoccurrence despite the jail's config specification of maxretry and findtime suggesting the entries