On 12/09/17 18:19, Phil Stracchino wrote:
> Has anyone set up fail2ban to trigger from postscreen rejections and apply blocks to a firewall on a separate host? And if so, any tips to share?
Solved a simpler task: separate host (a container, actually) but still iptables. Cloned iptables-multiport.conf and iptables-common.conf for this. Particularly problematic was the fact that hosts can be rebooted separately, and fail2ban tries to stop all filters on its own exit and start them again on its own restart. Instead, you probably want rules to persist on the non-fail2ban host when either host is rebooted. I don't have a good solution for this; I made it kinda work with a series of kludges (a good solution would probably require changing the fail2ban source). If your firewall is capable of running fail2ban, I'd consider sending postscreen logs to it instead.

-- 
With Best Regards,
Marat Khalili
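A cloned remote-firewall action of the kind described above, as an added example (not Marat's or fail2ban's own file): the stock iptables-multiport layout with every iptables call wrapped in ssh to the firewall host. The login fail2ban@fw.example.invalid and non-interactive, key-based ssh access to a user allowed to run iptables there are assumptions.

```ini
# /etc/fail2ban/action.d/iptables-multiport-remote.conf  (added example)
# Same structure as iptables-multiport.conf; <iptables>, <chain>, <port>,
# <protocol>, <blocktype> and <returntype> come from iptables-common.conf.
[INCLUDES]
before = iptables-common.conf

[Definition]
# Jail start: create the per-jail chain on the firewall host and hook it
# into <chain> for the protected ports. The quoted block is executed by
# the remote shell line by line.
actionstart = <ssh> "<iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
              <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>"

# Jail stop (also run when fail2ban itself shuts down): tears the chain
# down, so every ban vanishes from the firewall until fail2ban comes back.
actionstop = <ssh> "<iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
             <iptables> -F f2b-<name>
             <iptables> -X f2b-<name>"

# Run before each ban. If the chain is missing (firewall rebooted while
# fail2ban kept running), fail2ban re-runs actionstart before banning;
# earlier bans are not re-applied by this alone.
actioncheck = <ssh> "<iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'"

actionban = <ssh> "<iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>"
actionunban = <ssh> "<iptables> -D f2b-<name> -s <ip> -j <blocktype>"

[Init]
# Placeholder host; BatchMode makes a missing key or host fail fast
# instead of hanging the fail2ban action on a password prompt.
ssh = ssh -o BatchMode=yes -o ConnectTimeout=5 fail2ban@fw.example.invalid
```

Referenced from a jail as `action = iptables-multiport-remote[name=postscreen, port="smtp,submission"]`; the reboot behaviour in the comments is exactly the persistence gap the message describes.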