Re: F15: fail2ban not in iptables status



On Fri, Jun 3, 2011 at 4:05 AM, sguazt <marco.guazzone@xxxxxxxxx> wrote:

On Sun, May 29, 2011 at 3:30 PM, sguazt <marco.guazzone@xxxxxxxxx> wrote:

Hi,
Still have problems. Under /var/log/messages I've this message:

fail2ban.comm : WARNING Invalid command: ['add', 'ssh-iptables', 'auto']

Don't know if it is related to my problem.

Anyway, I am the only one that has this problem (or that runs fail2ban ;)
)?


Hi there. Although I do not use fail2ban this sure looks like a bug. You
should probably file a bug report.

If you want some protection from ssh intruders here are a couple of iptables
rules you can use until the fail2ban problem is resolved.

-A local_input_filter -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK
SYN -m recent --set --name SSH --rsource
-A local_input_filter -m recent --update --seconds 40 --hitcount 3 --name
SSH --rsource -j DROP

If someone tries to login to your system via ssh more than 3 times in 40
seconds any further packets will be dropped. I've been using these rules
for about 5 years and they work well.

Mike
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines