Hi, thanks guys for your help. Learned a lot. Thanks, Alex
On Mon, Feb 15, 2016 at 7:37 PM, Orion Poplawski <[email protected]> wrote: > On 02/02/2016 08:31 AM, Alex wrote: >> Hi, >> I'm receiving a ton of attempts to reach services on my network for >> hosts and/or services that don't exist, presumably in an attempt to >> compromise those services. >> >> It's at the point where it's consuming a sizable amount of bandwidth. >> >> I've tried to write a fail2ban rule on the firewall, which also has >> shorewall installed, but it won't start because I don't have firewalld >> also running. >> >> Is it possible to use fail2ban without firewalld? I don't need >> firewalld running on a host where there is already shorewall running. >> >> firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m >> multiport --dports domain -m set --match-set fail2ban-firewall src -j >> REJECT --reject-with icmp-port-unreachable -- returned 252 >> 2016-02-02 10:25:32,258 fail2ban.actions [23608]: ERROR >> Failed to start jail 'firewall' action 'firewallcmd-ipset': Error >> starting action > > Yes, just don't use a firewalld action. If you are running EL7 or > Fedora, remove the fail2ban-firewalld package. > > > -- > Orion Poplawski > Technical Manager 303-415-9701 x222 > NWRA, Boulder/CoRA Office FAX: 303-415-9702 > 3380 Mitchell Lane [email protected] > Boulder, CO 80301 http://www.nwra.com > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
