onefang said on Wed, 12 Jan 2022 23:49:39 +1000
>I've been using shorewall and fail2ban for a while now, but nftables is
>soon replacing iptables, so it's time to consider some options.
I can't tell whether you're addressing the firewall on a single
computer, or the firewall between your LAN and
> On 16 Jan 2022, at 19:41, onefang wrote:
>
> On 2022-01-16 17:23:29, wirelessduck--- via Dng wrote:
>>
>>
On 16 Jan 2022, at 12:54, Bob Proulx via Dng wrote:
>>>
Any suggestions?
>>>
>>> I am not really happy with any of the programs I have looked at
>>> either.
>>>
>>>
On 2022-01-16 17:23:29, wirelessduck--- via Dng wrote:
>
>
> > On 16 Jan 2022, at 12:54, Bob Proulx via Dng wrote:
> >
> >> Any suggestions?
> >
> > I am not really happy with any of the programs I have looked at
> > either.
> >
> > Ubuntu really pushes ufw but it feels too complicated to
> On 16 Jan 2022, at 12:54, Bob Proulx via Dng wrote:
>
>> Any suggestions?
>
> I am not really happy with any of the programs I have looked at
> either.
>
> Ubuntu really pushes ufw but it feels too complicated to me. (Joking
> because it is supposed to be the Uncomplicated Firewall.) But
onefang wrote:
> I've been using shorewall and fail2ban for a while now, but nftables is
> soon replacing iptables, so it's time to consider some options.
Fortunately through the current today's Unstable there is no problem
with the use of iptables. But I have also been wondering what I am
going
Antony Stone wrote:
> The one feature I'd like to see on fail2ban is multi-server communication, so
> that if one of my machines has a reason to block an address, it tells all my
> others to block that address as well.
That’s also possible to “roll your own”. I was considering this at my last
On Thursday 13 January 2022 at 11:41:48, Didier Kryn wrote:
> My experience/understanding of fail2ban is that it's intended
> against attackers "smart" enough to periodically change their address.
I don't care whether it's individual attackers who change their address, or
multiple
Le 12/01/2022 à 14:49, onefang a écrit :
I've been using shorewall and fail2ban for a while now, but nftables is
soon replacing iptables, so it's time to consider some options.
Apparently fail2ban already supports nftables, but shorewall doesn't and
wont -
onefang wrote:
> My main problem with fail2ban is that it fails to ban. Or rather it does
> ban, for that one rule I wrote myself, but not for any of the built in
> rules, but then it releases the ban, even though I have told shorewall to
> ban that particular IP. So the IP ends up being
A technique I learned is to use the "fail2ban-regex" command with a
log file sample containing actual traffic that you want banned.
E.g. for Apache logs from the shell prompt:
$ fail2ban-regex /path/to/apache/logs/access_log..??.??-??_??_??
/etc/fail2ban/filter.d/apache-404.conf
You'll
I've been using shorewall and fail2ban for a while now, but nftables is
soon replacing iptables, so it's time to consider some options.
Apparently fail2ban already supports nftables, but shorewall doesn't and
wont -
https://shorewall-users.narkive.com/aujuSpJ1/nftables-on-the-roadmap
My main
11 matches
Mail list logo