Re: F15: fail2ban not in iptables status

On Fri, Jun 3, 2011 at 4:05 AM, sguazt <marco.guazzone@xxxxxxxxx> wrote:

On Sun, May 29, 2011 at 3:30 PM, sguazt <marco.guazzone@xxxxxxxxx> wrote:

Still have problems. Under /var/log/messages I've this message:

fail2ban.comm : WARNING Invalid command: ['add', 'ssh-iptables', 'auto']

Don't know if it is related to my problem.

Anyway, I am the only one that has this problem (or that runs fail2ban ;)

Hi there. Although I do not use fail2ban this sure looks like a bug. You
should probably file a bug report.

If you want some protection from ssh intruders here are a couple of iptables
rules you can use until the fail2ban problem is resolved.

-A local_input_filter -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK
SYN -m recent --set --name SSH --rsource
-A local_input_filter -m recent --update --seconds 40 --hitcount 3 --name
SSH --rsource -j DROP

If someone tries to login to your system via ssh more than 3 times in 40
seconds any further packets will be dropped. I've been using these rules
for about 5 years and they work well.

users mailing list
To unsubscribe or change subscription options: