On 07/28/2021 08:44 AM, Jonathan Billings wrote:
> On Jul 27, 2021, at 16:43, H <age...@meddatainc.com> wrote:
>> Running CentOS 7. I was under the impression - seemingly mistaken - that
>> by adding a rule to /etc/hosts.deny such as ALL: aaa.bbb.ccc.* would ban all
>> attempts from that network segment to connect to the server, i.e. before
>> fail2ban would (eventually) ban connection attempts.
>>
>> This, however, does not seem correct and I could use a pointer to correct my
>> misunderstanding. How is hosts.deny used and what have I missed?
>>
>> Is it necessary to run:
>>
>> iptables -I INPUT -s aaa.bbb.ccc.0/24 -j DROP
>>
>> to drop incoming connection attempts from that subnet?
> Upstream openssh dropped support for tcp wrappers (hosts.deny) a while ago
> but RHEL had patched support back in for a while, but I believe it isn’t
> supported anymore.
>
> For what it’s worth, if you use the fail2ban-firewalld package, it uses ipset
> rather than iptables, which is more efficient.
>
> --
> Jonathan Billings
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
Noted, thank you.
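An added example, not part of the thread: hosts.deny is only consulted by programs linked against libwrap (or started through tcpd), so this sketch checks `ldd` output for that library and converts a hosts.deny network pattern into the CIDR form that iptables and ipset take. The set name `blocklist`, the helper names and the 192.0.2.x addresses are assumptions made for illustration; the commands are printed, not executed.

```sh
#!/bin/sh
# Added example, not from the thread. The set name "blocklist" and the
# 192.0.2.x documentation addresses are constructed for illustration.

# uses_libwrap: read `ldd` output on stdin; succeed if libwrap is linked in.
# Real use: ldd /usr/sbin/sshd | uses_libwrap
uses_libwrap() {
    grep -q 'libwrap\.so'
}

# pattern_to_cidr PATTERN: convert a hosts.deny network pattern
# ("192.0.2.*" or "192.0.2.") or a full address into CIDR notation.
pattern_to_cidr() {
    case $1 in
        *.\*) prefix=${1%.\*}; full=0 ;;
        *.)   prefix=${1%.};   full=0 ;;
        *)    prefix=$1;       full=1 ;;
    esac
    case $prefix in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # only dotted decimal is handled
    esac
    old_ifs=$IFS; IFS=.
    set -- $prefix
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    case $#:$full in
        1:0) echo "$1.0.0.0/8" ;;
        2:0) echo "$1.$2.0.0/16" ;;
        3:0) echo "$1.$2.$3.0/24" ;;
        4:1) echo "$1.$2.$3.$4/32" ;;
        *)   return 1 ;;
    esac
}

# block_commands PATTERN: print (never run) the commands that drop the
# network at the packet filter, kept in an ipset so additions stay cheap.
block_commands() {
    cidr=$(pattern_to_cidr "$1") || { echo "unsupported pattern: $1" >&2; return 1; }
    echo "ipset -exist create blocklist hash:net"
    echo "ipset -exist add blocklist $cidr"
    echo "iptables -I INPUT -m set --match-set blocklist src -j DROP"
}

block_commands '192.0.2.*'
```

Hostname patterns such as `.example.com` are rejected on purpose, since a packet filter matches addresses rather than names.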