Is there a way of "knowing" that ipsets are working correctly?

I've looked through the dump file and that does not seem to contain the information I need. The reason I ask is that I have changed fail2ban to use ipsets to pass the information across to shorewall. The reason I have done this is because the old method stopped working after implementing "blacklist if connection attempt on unused port".

2017-02-22 16:57:20,757 fail2ban.filter [5721]: INFO [postfix-sasl] Found 94.102.60.172
2017-02-22 16:57:33,148 fail2ban.filter [5721]: INFO [postfix-sasl] Found 89.248.171.234
2017-02-22 16:57:54,557 fail2ban.filter [5721]: INFO [postfix-sasl] Found 91.200.12.121
2017-02-22 17:03:52,523 fail2ban.filter [5721]: INFO [postfix-sasl] Found 185.29.9.175
2017-02-22 17:04:46,613 fail2ban.filter [5721]: INFO [postfix-sasl] Found 91.200.12.121
2017-02-22 17:04:47,222 fail2ban.actions [5721]: NOTICE [postfix-sasl] 91.200.12.121 already banned
2017-02-22 17:11:38,149 fail2ban.filter [5721]: INFO [postfix-sasl] Found 91.200.12.121
2017-02-22 17:18:33,651 fail2ban.filter [5721]: INFO [postfix-sasl] Found 91.200.12.121

I have tried two different methods in the rules file.

DROP:info net:+f2b $FW    >> this was from a tutorial I discovered

and

ADD(f2b:src):info net $FW >> this is a modified version of Tom's "blacklist if connection ...."


I have created the ipset all OK and get IPs

# ipset list f2b
Name: f2b
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 300
Size in memory: 20048
References: 1
Members:
91.200.12.121 timeout 83162
95.211.209.158 timeout 83163
87.241.171.225 timeout 290
124.228.112.30 timeout 227
181.120.35.243 timeout 78
146.0.235.55 timeout 237

If anyone could point me in the right direction, it would really help. I'm losing too much hair scratching my head!

Many Thanks,

Nigel.

--

from the desk of Nigel

http://soft-focus-imagining.com
http://twin-peaks-video.com
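
An added example, not part of the original message: one way to cross-check the two outputs quoted above, confirming that every address fail2ban reports as banned is a member of the f2b set and that at least one kernel rule references the set. The function names are hypothetical, the inputs are a constructed subset of the output in the post, and the log patterns assume the fail2ban line format shown there.

```python
import re

# Constructed sample input: a subset of the output quoted in the post above.
IPSET_LIST = """\
Name: f2b
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 300
References: 1
Members:
91.200.12.121 timeout 83162
95.211.209.158 timeout 83163
87.241.171.225 timeout 290
"""
F2B_LOG = """\
2017-02-22 16:57:20,757 fail2ban.filter [5721]: INFO [postfix-sasl] Found 94.102.60.172
2017-02-22 17:04:46,613 fail2ban.filter [5721]: INFO [postfix-sasl] Found 91.200.12.121
2017-02-22 17:04:47,222 fail2ban.actions [5721]: NOTICE [postfix-sasl] 91.200.12.121 already banned
"""

def parse_ipset(text):
    """Parse `ipset list` text into (header fields, {ip: seconds left or None})."""
    fields, members, in_members = {}, {}, False
    for line in filter(None, map(str.strip, text.splitlines())):
        if in_members:
            ip, *rest = line.split()
            members[ip] = int(rest[rest.index("timeout") + 1]) if "timeout" in rest else None
        elif line == "Members:":
            in_members = True
        else:
            key, _, value = line.partition(":")
            fields[key] = value.strip()
    return fields, members

def check(ipset_text, log_text):
    """Compare what fail2ban logged with what the set actually holds."""
    fields, members = parse_ipset(ipset_text)
    m = re.search(r"\btimeout (\d+)", fields.get("Header", ""))
    default = int(m.group(1)) if m else None
    banned = {a or b for a, b in re.findall(r"\] (?:Ban (\S+)|(\S+) already banned)", log_text)}
    found = set(re.findall(r"\] Found (\S+)", log_text))
    return {
        "referenced": int(fields.get("References", 0)) > 0,  # a rule uses the set
        "banned_missing": sorted(banned - set(members)),     # banned but not in set
        "found_only": sorted(found - banned),                # seen, not (yet) banned
        # Remaining time above the set default implies an explicit timeout on add.
        "explicit_timeout": sorted(ip for ip, t in members.items() if t and default and t > default),
    }

if __name__ == "__main__":
    print(check(IPSET_LIST, F2B_LOG))
```

An empty "banned_missing" list together with "referenced" being true shows the set is populated and attached to a rule; whether packets from those addresses are actually dropped still has to be read from the rule's packet counters.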
