Re: Fail2ban and IPV6
Robin Kipp wrote at 2013-09-14 16:08 -0500: Any workaround for this, or is there a better alternative to Fail2ban? It seems that fail2ban still does not support ipv6. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470417 https://github.com/fail2ban/fail2ban/issues/39 Perhaps it would work to implement the filtering via iptables or the particular service configuration? You can use the iptables `recent` module to eg. allow only 8 ssh attempts from a source IP in 5 minutes. In ferm syntax (from https://wiki.debian.org/ferm): domain (ip ip6) table filter chain INPUT { protocol tcp dport ssh @subchain { mod recent name SSH { set NOP; update seconds 300 hitcount 8 @subchain { LOG log-prefix Blocked-ssh: log-level warning; DROP; } } ACCEPT; } } signature.asc Description: Digital signature
Fail2ban and IPV6
Hi all, I'm setting up a new server with dual stack IPV4/IPV6 support. Unfortunately, I'm encountering issues with the Fail2ban daemon, since it looks as if IPV6 is still unsupported. The following gets logged whenever Fail2ban attempts to block an IPV6 address: 2013-09-14 22:38:45,867 fail2ban.filter : WARNING Unable to find a corresponding IP address for [hostname] I've tried using an IPV4 only connection to see if Fail2ban would be able to ban the IP in this case, which seems to work as expected. Any workaround for this, or is there a better alternative to Fail2ban? Thanks! Robin -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/c57dcd23-c935-48cc-9dc8-e883b0b78...@robin-kipp.net