github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

adjusted multiport section as promised in changelog

pull/3/head
Yaroslav Halchenko 2007-01-04 20:19:58 +00:00
parent e570f14a5d
commit acfebf3475
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
debian/README.Debian vendored
View File

@ -79,27 +79,32 @@ protocol = tcp
* Multiport banning: Comment for the wishlist #373592. * Multiport banning: Comment for the wishlist #373592.
Default iptables rules for banning use --dport statement which allows to Default iptables rules for banning use --dport statement which allows
ban just a single port. For multiport banning you would need to adjust iptables to ban just a single port. For multiport banning you would need to use
rules to use multiport module ( -m multiport --dports %(port)s ). If you would iptables-multiport action (just override banaction in jail.local),
like to ban all ports for that host, just redefine fwban/fwunban commands to which is present in fail2ban shipped in Debian since 0.7.6-1.
don't have --dport %(port)s statement at all (can be redefined on per-section
basis as well) If you would like to ban all ports for that host, just redefine
Such option is not enabled by default since multiport module might not be fwban/fwunban commands to don't have --dport %(port)s statement at
compiled for some hand compiled kernels. all, or use shorewall, where actionban bans whole IP.
iptables-multiport action is not default banaction since multiport
module might not be compiled for some hand compiled kernels.
* Blocking of NEW connections only * Blocking of NEW connections only
Comment for the wishlist #350746. Comment for the wishlist #350746.
It might be benefitial in some cases to ban only new connections. For It might be benefitial in some cases to ban only new connections. For
that just use iptables-new action instead of default iptables: that just use iptables-new action instead of default banaction
/etc/fail2ban/jail.local: /etc/fail2ban/jail.local:
[DEFAULT] [DEFAULT]
action = iptables-new[name=%(__name__)s, port=%(port)s] banaction=iptables-new
or override action within interesting for you section (you can override banaction within interesting for you section).
Also you can redefine the whole action parameter if you like.
Troubleshooting: Troubleshooting:
@ -200,4 +205,4 @@ P.S. Anyone is welcome to recommend proper security solution to this
issue, such as an alternative to sysklogd which allows better control issue, such as an alternative to sysklogd which allows better control
over users logging to specific facilities (such as AUTH) over users logging to specific facilities (such as AUTH)
-- Yaroslav O. Halchenko <debian@onerussian.com>, Thu, 7 Dec 2006 18:09:36 -0500 -- Yaroslav Halchenko <debian@onerussian.com>, Thu, 4 Jan 2007 15:18:39 -0500