extending fail2ban

Tim ignored_mailbox at yahoo.com.au
Fri May 23 05:19:15 UTC 2008


On Thu, 2008-05-22 at 09:42 -0700, Don Russell wrote:
> I installed fail2ban and it seems to do a nice job of reporting
> people knocking at my door and shutting them down temporarily.
> 
> Is there any doc on how I could add other "intruder detection".... :-)
> man fail2ban and info fail2ban come up dry. :-( 

You can do a similar sort of blocking with firewall rules that count the
number of <connection attempts> and only allow <so many>.  That could
be 10 HTTP connection attempts per hour, or any other port you care to
work on.

This isn't logging, or monitoring logs, it's the firewall counting
connection attempts, itself.  A different approach than fail2ban.

You'd have to read the iptables documentation about doing this, though.
I don't have a ready made answer, but I've seen people discuss this sort
of thing on this list.  Perhaps if you repost with a subject line
reflecting something like "automatic firewall rules to ban too many
connection attempts" you might get their attention, if you don't get any
suitable responses on this thread.

-- 
(This box runs Centos 5.0, my others still run FC 4, 5, 6, & 7, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
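The firewall-side approach Tim describes (count new connection attempts per source and refuse the ones past a limit inside a time window) can be expressed with the iptables `recent` match. The script below is an added example, not code from the list thread or from fail2ban; it assumes a TCP port of 80, a limit of 10 attempts per 3600 seconds and a list name of the form `LIMIT_<port>`, all of which are constructed defaults. It prints the two rules for review and only loads them when run with `--apply` as root.

```shell
#!/bin/sh
# Added example (not from the mailing-list message or from fail2ban).
# Builds iptables rules that use the "recent" match to count NEW TCP
# connection attempts per source address and DROP any attempt once a
# source has made LIMIT attempts within SECONDS. Defaults are assumed:
# port 80, 10 attempts per 3600 seconds, list name LIMIT_<port>.

# gen_rules PORT LIMIT SECONDS [CHAIN]
# Prints the rules without applying them, so they can be reviewed first.
gen_rules() {
    port=$1; limit=$2; secs=$3; chain=${4:-INPUT}
    name="LIMIT_${port}"
    # Rule 1: record the source of every new connection attempt to PORT.
    printf 'iptables -A %s -p tcp --dport %s -m conntrack --ctstate NEW -m recent --set --name %s --rsource\n' \
        "$chain" "$port" "$name"
    # Rule 2: if this source has now hit PORT LIMIT times (this attempt
    # included) within SECS seconds, refresh its timestamp and drop it.
    # Both rules must sit before any ACCEPT rule for the same port.
    printf 'iptables -A %s -p tcp --dport %s -m conntrack --ctstate NEW -m recent --update --seconds %s --hitcount %s --name %s --rsource -j DROP\n' \
        "$chain" "$port" "$secs" "$limit" "$name"
}

# apply_rules PORT LIMIT SECONDS [CHAIN]: runs the generated commands.
# Requires root and the ipt_recent / xt_recent module.
apply_rules() {
    gen_rules "$@" | while IFS= read -r rule; do
        echo "+ $rule"
        eval "$rule"
    done
}

# Entry point: print the rules; pass --apply as the first argument to load
# them. Usage: sh ratelimit.sh [--apply] [PORT] [LIMIT] [SECONDS] [CHAIN]
main() {
    if [ "$1" = "--apply" ]; then
        shift
        apply_rules "${1:-80}" "${2:-10}" "${3:-3600}" "${4:-INPUT}"
    else
        gen_rules "${1:-80}" "${2:-10}" "${3:-3600}" "${4:-INPUT}"
    fi
}

main "$@"
```

Two caveats for anyone deploying this. The `recent` module keeps at most `ip_pkt_list_tot` (default 20) timestamps per address, so `--hitcount` cannot exceed that without raising the module parameter. And because it counts connection attempts rather than failed logins, a busy legitimate client (for example many users behind one NAT address) will trip the same limit as a scanner; keep the window and limit generous for public services and watch the `recent` lists under `/proc/net/xt_recent/` (or `/proc/net/ipt_recent/` on older kernels) to see who is being held.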
