BF: adjusted README.Debian - multiport is default (closes: #545971)

Yaroslav Halchenko 2009-09-10 09:09:01 -04:00
parent d2695899a0
commit 3dd16eeddf
1 changed files with 4 additions and 9 deletions

debian/README.Debian vendored

@ -77,21 +77,16 @@ port = ssh
protocol = tcp protocol = tcp
* Multiport banning: Comment for the wishlist #373592. * Multiport banning: Comment for #373592, #545971
Default iptables rules for banning use --dport statement which allows iptables-multiport action is now default banaction (file jail.conf, to
to ban just a single port. For multiport banning you would need to use be customized within jail.local). Therefore assure that you have built
iptables-multiport action (just override banaction in jail.local), multiport module if you use custom kernel.
which is present in fail2ban shipped in Debian since 0.7.6-1.
If you would like to ban all ports for that host, just redefine If you would like to ban all ports for that host, just redefine
fwban/fwunban commands to don't have --dport %(port)s statement at fwban/fwunban commands to don't have --dport %(port)s statement at
all, or use shorewall, where actionban bans whole IP. all, or use shorewall, where actionban bans whole IP.
iptables-multiport action is not default banaction since multiport
module might not be compiled for some hand compiled kernels.
* Blocking of NEW connections only * Blocking of NEW connections only
Comment for the wishlist #350746. Comment for the wishlist #350746.
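Review bot: The new "Multiport banning" paragraph tells the reader only to "assure that you have built multiport module if you use custom kernel", but it no longer says what to do when that module is absent. The removed lines explained that hand-compiled kernels might lack it, which is exactly the case in which the new default banaction cannot work. Please add a sentence naming the single-port action to set as banaction in jail.local as the fallback, so that an admin on such a kernel does not end up with bans that are never applied. Two smaller points in the same paragraph: "assure" should read "ensure", and the retained context still speaks of "fwban/fwunban commands" while the same sentence uses "actionban", so the paragraph mixes two naming schemes and is worth aligning while this text is being touched. The note that iptables-multiport has shipped in Debian since 0.7.6-1 is also dropped; keeping it would help readers on older packages.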