[Firewall] Arno's script and fail2ban

Lonnie Abelbeck lists at lonnie.abelbeck.com
Tue Mar 17 14:21:53 CET 2015


I think the problem would be when AIF was restarted, any fail2ban connections to the INPUT chain would be removed.

Ideally, an AIF plugin that would start/stop fail2ban within Arno's script would be the best solution.

In the AstLinux project we don't have python (small embedded system) so we had to roll our own via shell scripting.

Lonnie


On Mar 17, 2015, at 1:51 AM, Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl> wrote:

> As far as I know fail2ban and AIF should work fine side by side...
> 
> On 17-Mar-15 4:00, Lonnie Abelbeck wrote:
>> Hi Russell,
>> 
>> Not that I know of... but, in the AstLinux project we have written a much simplified variant as an "Adaptive Ban" plugin for AIF.
>> 
>> The "Adaptive Ban" plugin is in the "contrib" folder of Arno's standard distribution:
>> https://github.com/arno-iptables-firewall/aif/tree/master/contrib/AstLinux
>> 
>> The latest "Adaptive Ban" plugin version can be found here:
>> http://svn.code.sf.net/p/astlinux/code/branches/1.0/package/arnofw/adaptive-ban/
>> 
>> (Note: remove the SVN file ".sh" suffixes to be used directly with generic AIF)
>> 
>> Currently the only supported analysis types are:
>> --
>> # A list of analysis types that are applied
>> # Choose from: sshd asterisk kamailio lighttpd prosody pptpd
>> --
>> 
>> I mention this only as a template to customize for your particular purpose. There may be tweaks needed for your specific distro.
>> 
>> Lonnie
>> 
>> 
>> On Mar 16, 2015, at 7:30 PM, Russell Treleaven <rtreleaven at bunnykick.ca> wrote:
>> 
>>> Has anyone used Arno's script and fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page together?
>>> 
>>> Any pointers?
>>> 
>>> Sincerely,
>>> 
>>> Russell Treleaven
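
The failure mode raised in the top reply (an AIF restart removing fail2ban's hooks in the INPUT chain) can be checked for from a ruleset dump. The following is an added example, not part of the original thread and not code from AIF, AstLinux or fail2ban; it assumes fail2ban's default iptables chain naming (`f2b-<jail>`, or `fail2ban-<jail>` on 0.8.x), and the `unhooked_jails` helper, the `EXAMPLE_FW_CHAIN` name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: fail2ban's iptables actions hook each jail into
# INPUT with a jump to "f2b-<jail>" (0.9+) or "fail2ban-<jail>" (0.8.x).

# unhooked_jails JAIL...   (ruleset in `iptables -S` format on stdin)
# Prints every jail that has no "-A INPUT ... -j <chain>" rule left.
unhooked_jails() {
    rules=$(cat)
    for jail in "$@"; do
        printf '%s\n' "$rules" |
        awk -v a="f2b-$jail" -v b="fail2ban-$jail" '
            $1 == "-A" && $2 == "INPUT" {
                for (i = 3; i < NF; i++)
                    if ($i == "-j" && ($(i + 1) == a || $(i + 1) == b))
                        found = 1
            }
            END { exit !found }' || printf '%s\n' "$jail"
    done
}

# Constructed ruleset: fail2ban running, both jails hooked into INPUT.
sample_before() {
    cat <<'EOF'
-P INPUT DROP
-N EXAMPLE_FW_CHAIN
-N f2b-asterisk
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p udp -m multiport --dports 5060 -j f2b-asterisk
-A INPUT -j EXAMPLE_FW_CHAIN
-A f2b-sshd -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
-A f2b-asterisk -j RETURN
EOF
}

# Constructed ruleset: the firewall rebuilt INPUT and the hooks are gone.
sample_after() {
    cat <<'EOF'
-P INPUT DROP
-N EXAMPLE_FW_CHAIN
-A INPUT -j EXAMPLE_FW_CHAIN
EOF
}

# Live use (as root): iptables -S | unhooked_jails sshd asterisk
sample_after | unhooked_jails sshd asterisk
```

A non-empty result after a firewall restart means those jails are no longer filtering traffic until fail2ban re-adds its rules.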


