Re: Fail2ban and IPV6

2013-09-15 Thread green
Robin Kipp wrote at 2013-09-14 16:08 -0500:
> Any workaround for this, or is there a better alternative to Fail2ban?

It seems that fail2ban still does not support IPv6.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470417
https://github.com/fail2ban/fail2ban/issues/39

Perhaps it would work to implement the filtering via iptables or the
particular service configuration?

You can use the iptables `recent` module to e.g. allow only 8 ssh
attempts from a source IP in 5 minutes.  In ferm syntax (from
https://wiki.debian.org/ferm):

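domain (ip ip6) table filter chain INPUT {
 protocol tcp dport ssh @subchain {
  mod recent name SSH {
   # record the source address of every packet that reaches this rule
   set NOP;
   # source seen 8 or more times in the last 300 seconds: log and drop
   update seconds 300 hitcount 8 @subchain {
    LOG log-prefix "Blocked-ssh: " log-level warning;
    DROP;
   }
  }
  ACCEPT;
 }
}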



Fail2ban and IPV6

2013-09-14 Thread Robin Kipp
Hi all,
I'm setting up a new server with dual stack IPV4/IPV6 support. Unfortunately, 
I'm encountering issues with the Fail2ban daemon, since it looks as if IPV6 is 
still unsupported.
The following gets logged whenever Fail2ban attempts to block an IPV6 address:
2013-09-14 22:38:45,867 fail2ban.filter : WARNING Unable to find a corresponding IP address for [hostname]

I've tried using an IPV4 only connection to see if Fail2ban would be able to 
ban the IP in this case, which seems to work as expected.
Any workaround for this, or is there a better alternative to Fail2ban?
Thanks!
Robin
