Over the last few days I noticed in my logwatch e-mails that one IP address kept trying to log in to my server, even though it was blocked regularly by fail2ban.
Here’s a post that explains how to simply add a list of IP addresses to block permanently. There’s only one catch: the listing provided there contains an error, the word
<name> is missing in the iptables command, probably due to HTML conversion. This is the correct line to be insterted into the actionstart section of /etc/fail2ban/action.d/iptables-multiport.conf:
Use the following command to check if the IP address is indeed banned:
$ sudo iptables -L fail2ban-ssh Chain fail2ban-ssh (1 references) target prot opt source destination DROP all -- 192.168.20.25 anywhere RETURN all -- anywhere anywhere
Fuente: http://blog.karssen.org/2013/12/12/permantly-ban-an-ip-address-with-fail2ban/
Perdonen la no traducción pero el tiempo no da para mucho... espero les sea útil.
No hay comentarios:
Publicar un comentario