Re: [asterisk-users] Fail2ban - SuSEfirewall
> The problem sounds like fail2ban is failing to write the new rules to a >permanent file, which would otherwise allow the rules to persist after a >reboot. Tilghman, That is exactly right. I'm thinking I need to revise the SuSEfirewall init scripts to follow up with restarting fail2ban, but then I think fail2ban will need to have a persistent jail after restarting, which I did find online. >I am a big fan of centralized management, so I prefer to do that rather than have static IP addresses on the network (except of course where absolutely essential). >For the OP: maybe a workaround is to assign a fixed IP address from your DHCP server and use a very long lease time? John, Agreed re management. The lease would have to be real long, like a year or so. That would do the trick. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Fail2ban - SuSEfirewall
-Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of John Novack Sent: Monday, July 26, 2010 12:20 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Fail2ban - SuSEfirewall Randy R wrote: >> On Mon, Jul 26, 2010 at 10:36 AM, Brent A. Torrenga >> wrote: >> >Why isn't the Asterisk box on a static IP on the LAN? That seems to be asking >for trouble using DHCP. Not really; the trick is to assign an fixed IP address to the Mac address (with a host statement in ISC DHCP, or a reservation in Windows DHCP). I am a big fan of centralized management, so I prefer to do that rather than have static IP addresses on the network (except of course where absolutely essential). For the OP: maybe a workaround is to assign a fixed IP address from your DHCP server and use a very long lease time? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Fail2ban - SuSEfirewall
On Monday 26 July 2010 14:19:58 John Novack wrote: > Randy R wrote: > > On Mon, Jul 26, 2010 at 10:36 AM, Brent A. Torrenga wrote: > >> I have tried to setup fail2ban on a machine running OpenSuSE 11. > >> Everything looks fine, except the machine restarts the firewall whenever > >> the DHCP lease is renewed, thus flushing all the fail2ban rules (I > >> think…). It seems to me that a quick fix would be to have the system > >> restart fail2ban whenever the firewall is restarted. Has anyone else > >> encountered this issue? …and come up with a solution? > > > > I believe there's a way to make the rules persist in a file. (see the > > fail2ban docs) > > > > /r > > Why isn't the Asterisk box on a static IP on the LAN? That seems to be > asking for trouble using DHCP. If the LAN is using an RFC-compliant DHCP server (read: not Microsoft), then it makes utterly no difference; as long as the machine is up whenever its lease expires and not too many MAC addresses are on the LAN, then it will always get exactly the same IP. The problem sounds like fail2ban is failing to write the new rules to a permanent file, which would otherwise allow the rules to persist after a reboot. -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com & www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Fail2ban - SuSEfirewall
On Mon, Jul 26, 2010 at 12:19 PM, John Novack wrote: > Why isn't the Asterisk box on a static IP on the LAN? That seems to be > asking for trouble using DHCP. I was assuming he meant the ISP DHCP renewal. /r -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Fail2ban - SuSEfirewall
Randy R wrote: > On Mon, Jul 26, 2010 at 10:36 AM, Brent A. Torrenga > wrote: > >> I have tried to setup fail2ban on a machine running OpenSuSE 11. Everything >> looks fine, except the machine restarts the firewall whenever the DHCP lease >> is renewed, thus flushing all the fail2ban rules (I think…). It seems to me >> that a quick fix would be to have the system restart fail2ban whenever the >> firewall is restarted. Has anyone else encountered this issue? …and come >> up with a solution? >> > I believe there's a way to make the rules persist in a file. (see the > fail2ban docs) > > /r > > Why isn't the Asterisk box on a static IP on the LAN? That seems to be asking for trouble using DHCP. John Novack -- Dog is my Co-pilot -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Fail2ban - SuSEfirewall
On Mon, Jul 26, 2010 at 10:36 AM, Brent A. Torrenga wrote: > I have tried to setup fail2ban on a machine running OpenSuSE 11. Everything > looks fine, except the machine restarts the firewall whenever the DHCP lease > is renewed, thus flushing all the fail2ban rules (I think…). It seems to me > that a quick fix would be to have the system restart fail2ban whenever the > firewall is restarted. Has anyone else encountered this issue? …and come > up with a solution? I believe there's a way to make the rules persist in a file. (see the fail2ban docs) /r -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Fail2ban - SuSEfirewall
I have tried to setup fail2ban on a machine running OpenSuSE 11. Everything looks fine, except the machine restarts the firewall whenever the DHCP lease is renewed, thus flushing all the fail2ban rules (I think.). It seems to me that a quick fix would be to have the system restart fail2ban whenever the firewall is restarted. Has anyone else encountered this issue? .and come up with a solution? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
