I have found the following useful if - particularly if you are getting
too many Ban emails:
It will place as long time Ban on any IP that has been banned 2 or more
times in an hour.
New filter
filter.d/fail2ban.conf
~~~
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Hacked by Derek Sims
#
# $Revision: 663 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag
"<HOST>" can
# be used for standard IP/hostname matching and is only an
alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = fail2ban.actions:\s*WARNING \[\S*] Ban <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
~~~
In jail.local/jail.conf
~~~~
[fail2ban]
enabled = true
filter = fail2ban
action = sendmail-whois[name=multiban, [email protected],
[email protected]]
iptables-allports[name=multiban]
logpath = /var/log/fail2ban.log
bantime = 172800
findtime = 3600
maxretry = 2
ignoreip = 127.0.0.1
~~~~
On 29/07/2010 04:10, Jorge Armando Medina wrote:
>
> Good, this looks really good, Im going to try the openvpn part, anyone
> have other examples to share?
>
------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share
of $1 Million in cash or HP Products. Visit us here for more details:
http://p.sf.net/sfu/dev2dev-palm
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
