From 11330ff944ca27350bf944f99f4abc745d5a5656 Mon Sep 17 00:00:00 2001 From: Cyril Jaquier Date: Sat, 6 Nov 2004 14:06:06 +0000 Subject: [PATCH] - Fail2ban now support ipfw and ipfwadm - New options git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@47 a942ae1a-1317-0410-a47c-b1dcaea8d605 --- README | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/README b/README index cd32f9a1..03303a35 100644 --- a/README +++ b/README @@ -9,8 +9,8 @@ Fail2Ban (version 0.1.1) 10/23/2004 Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too much password failures. It updates firewall -rules to reject the IP address. Currently sshd and iptables -are supported. It needs log4py. +rules to reject the IP address. Currently sshd, iptables, +ipfw and ipfwadm are supported. It needs log4py. This is my first Python program. I began learning Python for less than one week so please be understanding ;-) English is @@ -32,10 +32,11 @@ So I search for a script or program that do it. Found nothing :-( So I decide to write mine and to learn Python :-) I read the log file (/var/log/pwdfail/current on metalog) and -search for line with "Failed password". Then get the ip and -if it has already done 3 or more password failure in the last -banTime, I ban the ip for banTime using a iptable rule. After -banTime, the rule is deleted. +search for a given pattern which indicates a login attempt. +Then I get the ip and if it has already done 3 or more +password failure in the last banTime, I ban the ip for +banTime using a iptable rule. After banTime, the rule is +deleted. Runs on my server and does its job rather well :-) The idea is to make fail2ban usable with most syslog daemons and @@ -77,6 +78,7 @@ options: -b start fail2ban in background -d start fail2ban in debug mode + -e ban IP on the INTF interface -f read password failure from FILE -h display this help message -i IP(s) to ignore @@ -84,7 +86,8 @@ options: -r allow a max of VALUE password failure -t