Recently I pondered the idea of integrating fwknopd with fail2ban. The idea being, upon several knocking failures, the remote IP is banned.
As far as I can tell, however, fwknopd logging doesn't currently differentiate much between different types of knocking failures. That is, in my experience, everything ends up looking like this on the server: Jul 1 12:34:56 host fwknopd[12345]: [1.2.3.4] (stanza #1) Error creating fko context: Decryption failed or decrypted data is invalid That said, it would be useful if fwknopd was able to detect and report different failure types accordingly. Most specifically, for my purposes, a log entry stating that the failure was related to an invalid key would allow me to monitor for it via fail2ban. If there's anything that currently exists to help me meet my goal, let me know. Elsewise, please consider my suggestion for future work. Thanks! ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
