On 02/02/2016 08:31 AM, Alex wrote:
> Hi,
> I'm receiving a ton of attempts to reach services on my network for
> hosts and/or services that don't exist, presumably in an attempt to
> compromise those services.
>
> It's at the point where it's consuming a sizable amount of bandwidth.
>
> I've tried to write a fail2ban rule on the firewall, which also has
> shorewall installed, but it won't start because I don't have firewalld
> also running.
>
> Is it possible to use fail2ban without firewalld? I don't need
> firewalld running on a host where there is already shorewall running.
>
> firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m
> multiport --dports domain -m set --match-set fail2ban-firewall src -j
> REJECT --reject-with icmp-port-unreachable -- returned 252
> 2016-02-02 10:25:32,258 fail2ban.actions [23608]: ERROR
> Failed to start jail 'firewall' action 'firewallcmd-ipset': Error
> starting action

Yes, just don't use a firewalld action. If you are running EL7 or Fedora, remove the fail2ban-firewalld package.

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                    [email protected]
Boulder, CO 80301                     http://www.nwra.com

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
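
One way to apply the advice above on a host that already runs shorewall, as an added example that is not part of the original thread: point the jail at the `shorewall` action that fail2ban ships in `action.d/` instead of `firewallcmd-ipset`. The file location and every jail setting other than the jail name `firewall` and the `domain` port (both taken from the error output) are assumptions.

```ini
# /etc/fail2ban/jail.local  (constructed example; path is the usual local override file)

[DEFAULT]
# Before: with the fail2ban-firewalld package installed, its drop-in
# jail.d/00-firewalld.conf sets the default below, so every jail calls
# firewall-cmd and fails to start when firewalld is not running:
#   banaction = firewallcmd-ipset
#
# After: use the shorewall action, which bans and unbans through the
# shorewall command instead of firewalld.
banaction = shorewall

[firewall]
# Jail name and port come from the error message in the thread.
# The filter and logpath for this jail are not shown on the page,
# so they are left out here rather than guessed.
enabled  = true
port     = domain
protocol = tcp
# Explicit per-jail setting, in case another drop-in still overrides DEFAULT.
banaction = shorewall
```

After editing, restart fail2ban and confirm the jail starts without the `firewallcmd-ipset` error in the fail2ban log. If the drop-in file is still present, removing the fail2ban-firewalld package as suggested in the reply prevents it from overriding the default again.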
