[Firewall] Arno's script and fail2ban

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Tue Mar 17 14:26:34 CET 2015


Lonnie, you're indeed correct: when AIF is restarted fail2ban's iptables 
rules will be flushed as well.

On 17-Mar-15 14:21, Lonnie Abelbeck wrote:
> I think the problem would be when AIF was restarted any fail2ban connections to the INPUT chain would be removed.
>
> Ideally, an AIF plugin that would start/stop fail2ban within Arno's script would be the best solution.
>
> In the AstLinux project we don't have python (small embedded system) so we had to roll our own via shell scripting.
>
> Lonnie
>
>
> On Mar 17, 2015, at 1:51 AM, Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl> wrote:
>
>> As far as I know fail2ban and AIF should work fine side by side...
>>
>> On 17-Mar-15 4:00, Lonnie Abelbeck wrote:
>>> Hi Russell,
>>>
>>> Not that I know of... but, in the AstLinux project we have written a much simplified variant as an "Adaptive Ban" plugin for AIF.
>>>
>>> The "Adaptive Ban" plugin is in the "contrib" folder of Arno's standard distribution:
>>> https://github.com/arno-iptables-firewall/aif/tree/master/contrib/AstLinux
>>>
>>> The latest "Adaptive Ban" plugin version can be found here:
>>> http://svn.code.sf.net/p/astlinux/code/branches/1.0/package/arnofw/adaptive-ban/
>>>
>>> (Note: remove the SVN file ".sh" suffixes to be used directly with generic AIF)
>>>
>>> Currently the only supported analysis types are:
>>> --
>>> # A list of analysis types that are applied
>>> # Choose from: sshd asterisk kamailio lighttpd prosody pptpd
>>> --
>>>
>>> I mention this only as a template to customize for your particular purpose.  There may be tweaks needed for your specific distro.
>>>
>>> Lonnie
>>>
>>>
>>> On Mar 16, 2015, at 7:30 PM, Russell Treleaven <rtreleaven at bunnykick.ca> wrote:
>>>
>>>> Has anyone used Arno's script and fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page together?
>>>>
>>>> Any pointers?
>>>>
>>>> Sincerely,
>>>>
>>>> Russell Treleaven
>
>
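
The effect confirmed in this thread (an AIF restart flushing fail2ban's iptables rules) can be checked from `iptables -S` output. This is an added example, not part of the thread and not code from AIF or fail2ban; the function name, sample rulesets and jail names are assumptions, and it presumes fail2ban's `f2b-<jail>` / `fail2ban-<jail>` chain naming.

```shell
#!/bin/sh
# Added example: report fail2ban jails whose INPUT-chain jump is gone.
# Input is `iptables -S` text, so it works on a saved dump or live output.

# f2b_missing_jails RULESET JAIL...
# Prints (space-separated) each jail that has no
#   -A INPUT ... -j f2b-<jail>        (fail2ban 0.9 and later)
#   -A INPUT ... -j fail2ban-<jail>   (older naming)
# rule in RULESET. Jail names are assumed to be plain words (no regex chars).
f2b_missing_jails() {
    ruleset=$1
    shift
    missing=""
    for jail in "$@"; do
        if ! printf '%s\n' "$ruleset" |
            grep -Eq -- "^-A INPUT( .*)? -j (f2b|fail2ban)-${jail}\$"; then
            missing="${missing}${missing:+ }${jail}"
        fi
    done
    printf '%s' "$missing"
}

# Constructed sample: ruleset while fail2ban's sshd jail is hooked into INPUT.
SAMPLE_BEFORE='-P INPUT DROP
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A f2b-sshd -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'

# Constructed sample: ruleset after a firewall restart rebuilt INPUT
# (not AIF's real chain layout, only the absence of the jump matters here).
SAMPLE_AFTER='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

echo "before restart, missing: [$(f2b_missing_jails "$SAMPLE_BEFORE" sshd)]"
echo "after restart,  missing: [$(f2b_missing_jails "$SAMPLE_AFTER" sshd)]"

# Live use (as root): f2b_missing_jails "$(iptables -S)" sshd asterisk
```

A non-empty result after an AIF restart means bans for those jails are no longer enforced until fail2ban re-adds its rules, for example by restarting fail2ban.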

