I figure I'm more likely to bump into a fail2ban-using-shorewall user than a
shorewall-using fail2ban user, so I thought I'd ask about this here.
I'm getting started running

    shorewall-lite version
    4.6.13.4

    iptables -V
    iptables v1.6.0

    ipset -V
    ipset v6.29, protocol version: 6

on Linux. I'd use version 5, but 4.6.13.4 looks like the last version my
distro provides. (Not sure what to do about that yet.)
Anyway, I'm working on getting fail2ban dynamic firewalling set up for use with
my Postfix server.
The latest version of fail2ban

    fail2ban-server -V
    Fail2Ban v0.9.4.dev0

includes a "shorewall-ipset-proto6" action that monitors shorewall logs and
writes entries to an ipset (IIUC).
The 'action' is a bit old. It still references BLACKLISTNEWONLY= instead of
the newer BLACKLIST= config in SW.
The action's commands are

    actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null; then
                      ipset -quiet -exist create f2b-<name> hash:ip timeout <bantime>
                  fi
    actionstop = ipset flush f2b-<name>
    actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist
    actionunban = ipset del f2b-<name> <ip> -exist
While reading the SW docs to figure out how to update the action
http://shorewall.net/blacklisting_support.htm
I discovered SW's "Dynamic Blacklisting", which seems awfully convenient.
Is there any reason NOT to replace those 'raw' ipset commands with equivalents
that use SW's DYNAMIC BLACKLISTING?
Better yet, is anyone here aware of an existing modern/current Fail2Ban
'action' for using SW's Dynamic BL'ing?
Jason
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
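Editor's note: the following fail2ban action file is an added illustration of what the question above is asking about, not code from the original mail, from fail2ban or from the Shorewall project. It replaces the raw ipset calls with Shorewall's own dynamic blacklisting commands (`shorewall blacklist` and `shorewall allow`, present since Shorewall 4.6). The file name, the `shorewall` variable, and the assumption that options after the address are passed through to `ipset add` (so that `timeout <bantime>` keeps fail2ban's ban duration) are mine; DYNAMIC_BLACKLIST must be enabled in shorewall.conf for these commands to work.

```ini
# /etc/fail2ban/action.d/shorewall-dynamic.conf   (hypothetical file name)
# Added example, not part of the original post, fail2ban or Shorewall.
# Assumes DYNAMIC_BLACKLIST is enabled in shorewall.conf; Shorewall then
# creates and manages the blacklist set, so fail2ban does not touch ipset.

[Definition]
# Shorewall owns the dynamic blacklist set: nothing to create or destroy here.
actionstart =
actionstop =

# Ban: hand the address to Shorewall's dynamic blacklist. The trailing
# "timeout <bantime>" is assumed to be passed through to "ipset add", so the
# entry expires on its own even if fail2ban is restarted and loses state.
actionban = <shorewall> blacklist <ip> timeout <bantime>

# Unban: "allow" re-enables a host that "blacklist" (or drop/reject) blocked.
actionunban = <shorewall> allow <ip>

[Init]
# The poster runs shorewall-lite; use "shorewall" on a full Shorewall host.
shorewall = shorewall-lite
```

Two checks worth making before relying on this: run `shorewall-lite blacklist <some test address> timeout 60` and `shorewall-lite allow <the same address>` by hand and confirm the entry appears in and disappears from the dynamic blacklist set (`ipset list` shows it), and verify after a `shorewall-lite restart` that fail2ban's view of current bans still matches the firewall's, since that is where the raw-ipset action and a Shorewall-managed set can diverge.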