I’m testing fail2ban with IPv6, but when a filter matches it sets an ip6tables
rule without placing the IP. Below are my data and configuration:
My kern.log:
Apr 19 11:52:02 vmi347774 kernel: [5007679.350187] TCP6-FLOODER: IN=eth0 OUT= MAC=00:50:56:3f:34:5f:28:99:3a:4d:23:91:86:dd SRC=2001:0b07:5d26:7c8e:b6b5:2fff:feae:e7b1 DST=2a02:c207:2034:7774:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=249 FLOWLBL=54292 PROTO=TCP SPT=50862 DPT=6667 WINDOW=28400 RES=0x00 SYN URGP=0
ip6tables-dropped in filter.d:
[Definition]
failregex = TCP6-FLOODER: .* SRC=<HOST>
ignoreregex =
The jail:
[ip6tables-dropped]
enabled = true
filter = ip6tables-dropped
banaction = iptables-ipset-proto6
banaction_allports = iptables-ipset-proto6-allports
#port = all
logpath = /var/log/kern.log
bantime = 21600
maxretry = 3
ignoreip = ::1/128 FE80::/64
The wrong ip6tables rule placed by fail2ban (missing IP):
-A INPUT -p tcp -m multiport --dports 0:65535 -m set --match-set f2b-ip6tables-dropped6 src -j REJECT --reject-with icmp6-port-unreachable
What’s wrong?
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
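
Added example, not part of the original post and not fail2ban's own code: the rule quoted in the post matches the source address against the ipset f2b-ip6tables-dropped6 (-m set --match-set ... src), so this Python example applies the post's failregex, ignoreip and maxretry to the posted kern.log entry and returns the addresses that would become members of that set. Assumptions: the <HOST> pattern is a simplified IPv6-only stand-in for fail2ban's tag, findtime is ignored, and extract_host and ipset_members are hypothetical names.

```python
import ipaddress
import re
from collections import Counter

# Assumption: simplified IPv6-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>[0-9A-Fa-f:]+)"
FAILREGEX = re.compile(r"TCP6-FLOODER: .* SRC=<HOST>".replace("<HOST>", HOST))

# Jail settings taken from the post.
MAXRETRY = 3
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("::1/128", "FE80::/64")]

# Constructed sample: the kern.log entry from the post, repeated three times,
# plus three copies with a constructed link-local source covered by ignoreip.
SRC = "SRC=2001:0b07:5d26:7c8e:b6b5:2fff:feae:e7b1"
LINE = (
    "Apr 19 11:52:02 vmi347774 kernel: [5007679.350187] TCP6-FLOODER: IN=eth0 "
    "OUT= MAC=00:50:56:3f:34:5f:28:99:3a:4d:23:91:86:dd " + SRC + " "
    "DST=2a02:c207:2034:7774:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=249 "
    "FLOWLBL=54292 PROTO=TCP SPT=50862 DPT=6667 WINDOW=28400 RES=0x00 SYN URGP=0"
)
SAMPLE_LOG = [LINE] * 3 + [LINE.replace(SRC, "SRC=fe80:0000:0000:0000:0000:0000:0000:0001")] * 3


def extract_host(line):
    """Return the source address captured by the failregex, or None."""
    match = FAILREGEX.search(line)
    if match is None:
        return None
    try:
        return ipaddress.IPv6Address(match.group("host"))
    except ValueError:
        return None  # captured text is not a valid IPv6 address


def ipset_members(lines):
    """Addresses that reach MAXRETRY matches and are not covered by IGNOREIP."""
    hits = Counter()
    for line in lines:
        addr = extract_host(line)
        if addr is None or any(addr in net for net in IGNOREIP):
            continue
        hits[addr] += 1
    return sorted(str(addr) for addr, count in hits.items() if count >= MAXRETRY)


if __name__ == "__main__":
    for member in ipset_members(SAMPLE_LOG):
        print("ipset member:", member)
```

On a live host, `ipset list f2b-ip6tables-dropped6` prints the current members of that set.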