Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: guest22 on September 20, 2014, 07:35:32 AM

Title: [contrib] fail2ban
Post by: guest22 on September 20, 2014, 07:35:32 AM
This is the place to discuss, provide feedback and share experiences regarding the fail2ban contrib

http://wiki.contribs.org/Fail2ban
Title: Re: [contrib] fail2ban
Post by: Stefano on December 08, 2015, 01:03:31 PM
Interesting contrib. It detects all the failed auth on a server of mine, but since the server is configured as "server only", no action is taken by the script, because masq is disabled and so no iptables rules are in place.
In the documentation there's no indication that this contrib won't work in a server-only setup; it must be amended (or this is not the expected behaviour; I will report it in bugzilla too).
Title: Re: [contrib] fail2ban
Post by: stephdl on December 10, 2015, 10:25:21 AM
Looking at my server, also in 'server only' mode, I can see I have rules in iptables:

[root@sme9 ~]# fail2ban-client status recidive
Status for the jail: recidive
|- Filter
|  |- Currently failed:   7
|  |- Total failed:   227
|  `- File list:   /var/log/fail2ban/daemon.log
`- Actions
   |- Currently banned:   1
   |- Total banned:   6
   `- Banned IP list:   211.23.156.152

[root@sme9 ~]# grep -srn '211.23.156.152' /etc/init.d/
/etc/init.d/masq:427:    /sbin/iptables --append $NEW_Fail2Ban -s 211.23.156.152 -j denylog

[root@sme9 ~]# iptables -L |grep 211.23.156.152
denylog    all  --  211-23-156-152.HINET-IP.hinet.net  anywhere


Title: Re: [contrib] fail2ban
Post by: Stefano on December 10, 2015, 10:31:06 AM
There was a problem on my server, i.e. masq was disabled. Once enabled, after a post-upgrade & reboot routine, everything is working now.

I created a bug (9149 (http://bugs.contribs.org/show_bug.cgi?id=9149)) in BZ but it is closed now. The wiki page has been updated to reflect what we discovered in the bug itself.
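
The mismatch discussed in the posts above (fail2ban reports a ban, but the firewall holds no rule for it) can be checked mechanically. The following is an added example, not part of the original posts or of the contrib's code; the function names, the chain name Fail2Ban_1234 and the address 203.0.113.7 are constructed for illustration, and it assumes the rules are listed with `iptables -S`.

```shell
#!/bin/sh
# Added example: list fail2ban bans that have no matching firewall rule.

# Read `fail2ban-client status <jail>` output on stdin, print one banned IP per line.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n' | sed '/^$/d'
}

# $1 = status output, $2 = rules as printed by `iptables -S`.
# Prints every banned IP that no rule names as its source (-s).
# `iptables -S` is numeric; plain `iptables -L` prints reverse-DNS names
# unless -n is given, so grepping it for an IP is unreliable.
unenforced_bans() {
    printf '%s\n' "$1" | banned_ips | while read -r ip; do
        # Escape the dots so the address is matched literally.
        pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
        printf '%s\n' "$2" | grep -Eq -- "-s ${pat}(/32)?( |\$)" \
            || printf '%s\n' "$ip"
    done
}

# Constructed sample: the status layout from the thread plus one made-up
# address (203.0.113.7, documentation range) that has no rule.
sample_status() {
    cat <<'EOF'
Status for the jail: recidive
`- Actions
   |- Currently banned:   2
   `- Banned IP list:   211.23.156.152 203.0.113.7
EOF
}

# Constructed rule listing; the chain name Fail2Ban_1234 is hypothetical.
sample_rules() {
    cat <<'EOF'
-N Fail2Ban_1234
-A Fail2Ban_1234 -s 211.23.156.152/32 -j denylog
EOF
}

# On a live system (as root):
#   unenforced_bans "$(fail2ban-client status recidive)" "$(iptables -S)"
unenforced_bans "$(sample_status)" "$(sample_rules)"
```

Any address it prints is banned according to fail2ban but not blocked by the firewall, which is the state the server was in while masq was disabled.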
Title: Banning sub-nets
Post by: holck on August 18, 2017, 09:25:04 AM
I'm very happy with this contrib, but think it would be even better if subnets could also be banned.

I found a script that - given an IP address - will find the subnet this address belongs to (if any):
https://github.com/fail2ban/fail2ban/issues/927 (see the comment from Toreit from June 12)

Toreit also suggests how this script can be used in fail2ban.

Will it be possible to do something similar for this contrib?
Title: Re: [contrib] fail2ban
Post by: guest22 on August 18, 2017, 10:10:38 AM
Excellent question/request. I hope Daniel will take a look at this and has the time to incorporate this into the contrib.