So, Christoph, should we still discuss the issue of the order of fail2ban vs iptables/firewall startup, and possible fail2ban-aware setup of firewall? imho the problem is clearly not of important severity, and just a matter of documentation and common sense.

On Sat, 25 Apr 2009, Yaroslav Halchenko wrote:
> Hi Christoph,
> sorry that I was silent... was quite swamped with RL etc.
> so... in usual usecases we ask firewalls to start before fail2ban...
> fail2ban uses 'iptables -I INPUT' which inserts its rule at linenum 1,
> so fail2ban chains should be processed before anything else with evil
> '-j ACCEPT'.
> am I just too tired and missing the point? or everything should work as
> desired? ;)
> if I am not really correct and you just claim that sometimes smth
> might start AFTER fail2ban and insert rules before it? well, then maybe
> we need to adjust actioncheck in iptables.conf to assure that first
> lines are always the fail2ban's ones.
> ?
> or am I lost?

--
Yaroslav O. Halchenko
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik
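
The ordering concern raised in this thread can be checked mechanically: given `iptables -S` output, list every fail2ban jump in INPUT that sits below an ACCEPT rule able to match the same traffic. This is an added example, not part of the original mail and not fail2ban's own code; the `fail2ban-` chain prefix is a parameter, the rule listings are constructed samples, and the overlap test is a deliberately conservative heuristic (port ranges and negated matches are not interpreted).

```python
import shlex
# Constructed `iptables -S` samples (not taken from the thread).
ORDER_OK = """-P INPUT DROP
-N fail2ban-ssh
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A fail2ban-ssh -j RETURN"""
# Same policy, but the firewall rules ended up above the fail2ban jump.
ORDER_BAD = """-P INPUT DROP
-N fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
-A fail2ban-ssh -j RETURN"""

def parse_chain(rules_text, chain="INPUT"):
    """Return the chain's rules in evaluation order as small dicts."""
    rules = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain] or "-j" not in tok[:-1]:
            continue  # other chains, -P/-N lines, rules without a target
        opts = tok[2:]
        def opt(*names):
            return next((opts[opts.index(n) + 1] for n in names if n in opts[:-1]), None)
        ports = opt("--dport", "--dports")
        rules.append({"target": opt("-j"), "proto": opt("-p"), "iface": opt("-i"),
                      "ports": set(ports.split(",")) if ports else None, "text": line.strip()})
    return rules

def may_overlap(accept, jump):
    """Conservative: True unless the ACCEPT clearly covers other traffic."""
    if accept["iface"] == "lo":
        return False
    if accept["proto"] and jump["proto"] and accept["proto"] != jump["proto"]:
        return False
    if accept["ports"] and jump["ports"]:
        return bool(accept["ports"] & jump["ports"])
    return True

def shadowed_jumps(rules_text, prefix="fail2ban-", chain="INPUT"):
    """List (f2b chain, its position, ACCEPT position, ACCEPT rule) conflicts."""
    rules = parse_chain(rules_text, chain)
    return [(r["target"], pos, apos, a["text"])
            for pos, r in enumerate(rules, 1) if r["target"].startswith(prefix)
            for apos, a in enumerate(rules[:pos - 1], 1)
            if a["target"] == "ACCEPT" and may_overlap(a, r)]
```

An empty result from `shadowed_jumps` means every fail2ban jump is evaluated before any ACCEPT that could let the same packets through; on a live host the input would be the saved output of `iptables -S`.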

