On 28/08/2019 16:25, Mike wrote:
> Correct me if I'm wrong, but one issue with using RBL data in iptables
> is that you can't get an indication of rejections, right?
> With my RBL, I send an error message to any remote system that's been
> blocked, with instructions on how to petition to be whitelisted.
> With f2b, you don't get any indication anything's been blocked,
> right? This is one reason why I like tcpwrappers. I can look at my
> logs and see a particular IP was banned at a time when, say, I'm
> expecting a remote system to send me an e-mail or something.
> Is there a way to log iptables rejections without using too many
> resources?
No, you are completely right. Using the MTA to reject mail can send a
message back to the sender. Iptables cannot.
For logging with iptables, add an identical rule to your DROP or REJECT
rule but instead of a "-j DROP" use "-j LOG". The rule should come
before your DROP rule when you do an iptables listing (so probably after
the DROP rule in <actionstart>). You can also optionally specify a
custom message in your logs and the loglevel. Check "man iptables". In
my distro the default loglevel is 5 which goes to /var/log/messages. If
I do logging (which I rarely do) I use rsyslog to redirect the logs to
their own log file.
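As an added illustration of the LOG-before-DROP arrangement described in the reply (example code, not from the thread or from the fail2ban project): the first function emits the two iptables commands a ban action would run for one IP, inserting the LOG rule after the DROP rule so that, because "-I chain 1" prepends, the chain listing shows LOG first; the second function pulls source addresses and destination ports out of the resulting kernel log lines so you can see who was blocked and when. The jail name "sshd", the chain name "f2b-sshd", the log prefix, the log level 5 and the sample log lines are all constructed for this example.

```shell
#!/bin/sh
# Added example: LOG rule paired with a fail2ban-style DROP rule, plus a
# small reader for the kernel log lines it produces. Nothing here touches
# a live firewall; the commands are only printed.

# Print the iptables commands to ban IP $2 in chain f2b-$1 (jail name is an
# assumption). DROP is inserted first, LOG second: each "-I <chain> 1"
# prepends, so the final listing reads LOG, then DROP, and a packet is
# logged before it is dropped. iptables limits --log-prefix to 29 chars.
f2b_ban_cmds() {
    jail="$1"; ip="$2"; chain="f2b-$jail"
    printf 'iptables -I %s 1 -s %s -j DROP\n' "$chain" "$ip"
    printf 'iptables -I %s 1 -s %s -j LOG --log-prefix "%s DROP: " --log-level 5\n' \
        "$chain" "$ip" "$chain"
}

# Matching unban: delete both rules (order does not matter for -D).
f2b_unban_cmds() {
    jail="$1"; ip="$2"; chain="f2b-$jail"
    printf 'iptables -D %s -s %s -j LOG --log-prefix "%s DROP: " --log-level 5\n' \
        "$chain" "$ip" "$chain"
    printf 'iptables -D %s -s %s -j DROP\n' "$chain" "$ip"
}

# Read syslog/kernel lines on stdin, keep those carrying prefix $1, and
# print "<count> <source ip> <dest port>" per source address. This is the
# "did my expected sender get blocked?" check from the question.
f2b_logged_drops() {
    grep -F -- "$1" \
      | sed -n 's/.*SRC=\([0-9.]*\).*DPT=\([0-9]*\).*/\1 \2/p' \
      | sort | uniq -c | sed 's/^ *//'
}

# Constructed sample log lines in the format the iptables LOG target writes
# to the kernel log (addresses are documentation ranges, not real hosts).
SAMPLE_LOG=$(cat <<'EOF'
Aug 28 16:30:01 mx kernel: f2b-sshd DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Aug 28 16:30:02 mx sshd[1234]: Accepted publickey for alice from 198.51.100.9 port 40000 ssh2
Aug 28 16:30:05 mx kernel: f2b-sshd DROP: IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=44100 DPT=22 SYN
Aug 28 16:30:09 mx kernel: f2b-postfix DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=60001 DPT=25 SYN
Aug 28 16:30:11 mx kernel: f2b-sshd DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=51235 DPT=22 SYN
EOF
)

# Usage: show the ban/unban command pairs, then summarise the sshd drops.
f2b_ban_cmds sshd 192.0.2.10
f2b_unban_cmds sshd 192.0.2.10
printf '%s\n' "$SAMPLE_LOG" | f2b_logged_drops "f2b-sshd DROP: "
```

The summary only counts lines carrying the jail's own prefix, so the postfix drop and the unrelated sshd login are ignored; with rsyslog sending "f2b-" prefixed kernel messages to their own file, as the reply suggests, the same function can be pointed at that file instead of stdin.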
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users