[Firewall] fail2ban + fw

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Fri Feb 3 15:43:21 CET 2012


Dunno. Depends on how fail2ban's init script handles that. Did you 
try/test this?

I think a more elegant way would be to save & restore fail2ban's 
iptables rules, but doing that is probably not that straightforward.

Another option could be creating a hook for fail2ban itself (which would 
make it work the other way around). It's a shame fail2ban doesn't 
properly create an INPUT-sub-chain and use that for all the additional 
chains, unless you create an /etc/fail2ban/action.d/ rule for that. This 
would make the rest trivial...

Any feedback is welcome. Would sure be nice to have proper support for 
fail2ban in my firewall. It has been on my todo-list for quite some time 
now.

a.


On 03-Feb-12 10:46, Robert Bain wrote:
> Wouldn't the pid/lock stop that happening?
>
> -----Original Message-----
> From: firewall-bounces at rocky.eld.leidenuniv.nl
> [mailto:firewall-bounces at rocky.eld.leidenuniv.nl] On Behalf Of Arno van
> Amersfoort
> Sent: 03 February 2012 09:44
> To: Arno's IPTABLES firewall script
> Subject: Re: [Firewall] fail2ban + fw
>
> Hello Robert,
>
> Thanks for your efforts. Only thing I'm wondering about is the fact that the
> plugin stops/starts fail2ban. Won't this conflict with init also doing this?
> What happens if init already started fail2ban and it's started again by aif?
>
> cheers,
>
> arno
>
> On 02-Feb-12 16:57, Robert Breithuber wrote:
>> hello,
>>
>> when using fail2ban together with the firewall, all the fail2ban
>> iptables rules get lost when e.g. restarting the firewall.
>>
>> attached is a little plugin that starts and stops fail2ban
>> according to the firewall.
>>
>> your comments are welcome.
>>
>> ng,
>> robert
>>
>>
>>
>>
>> _______________________________________________
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.nl
>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
>
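
The save-and-restore idea from the message above, sketched as an added example (not part of the original post, the attached plugin, or the firewall script). It assumes fail2ban's chains carry the `fail2ban-` prefix and that the output is replayed with `iptables-restore --noflush` once the firewall has reloaded; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: fail2ban names its chains "fail2ban-<jail>".
# Reads `iptables-save` output on stdin and prints only fail2ban's state in
# the filter table, as a fragment for `iptables-restore --noflush`.
f2b_extract() {
    awk '
        /^\*filter$/ { in_filter = 1; print; next }  # start of filter table
        /^\*/        { in_filter = 0; next }         # any other table: skip
        !in_filter   { next }
        /^COMMIT$/   { in_filter = 0; print; next }
        /^:fail2ban-/ { print; next }                # chain declaration
        $1 == "-A" && $2 ~ /^fail2ban-/ { print; next }  # bans + RETURN
        $1 == "-A" {
            # Jump from a firewall chain (e.g. INPUT) into a fail2ban chain.
            for (i = 3; i < NF; i++) {
                if ($i == "-j" && $(i + 1) ~ /^fail2ban-/) {
                    # Insert at the top so it precedes the reloaded rules.
                    sub(/^-A /, "-I ")
                    print
                    next
                }
            }
        }
    '
}

# Constructed sample of `iptables-save` output (192.0.2.10 is a documentation address).
sample_ruleset() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5:300]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A fail2ban-ssh -s 192.0.2.10/32 -j DROP
-A fail2ban-ssh -j RETURN
COMMIT
EOF
}

sample_ruleset | f2b_extract
```

On a live system the input would come from `iptables-save -t filter` taken just before the firewall reloads. Bans that fail2ban adds or expires between the save and the replay are not reflected in the restored chains.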

