Comments (6)
Could you just log iptables to some file (using syslog) and have fail2ban watch that file? If you already have iptables logging through syslog, use the log-prefix and a fail2ban regex to look for it... seems simple enough to do out-of-band :)
A more user-friendly way to get this going is all I can think of regarding changes to fail2ban... a jail config and setting for the iptables/syslog regex to look for...
from fail2ban.
yes yes yes -- it should be indeed quite trivial to work out -- just might be dependent on syslog configuration on where it dumps the iptables logs, otherwise it is just trivial and would not require any fail2ban code change -- just an action (to set iptables' log actions), filter (to monitor corresponding log with dumped logs from iptables) + jail ;-)
Seems excessive now that I think about it, would require logging every DROP/REJECT or inserting a rule where fail2ban does not usually (before any drop? dynamically somehow to see all traffic not explicitly accepted?). I'd probably suggest closing this Issue without further ideas.
well -- someone motivated could still come up with some recipe for piping those LOGs to fail2ban (thus avoiding permanent file storage) etc. Just a wishlist, so why not keep it floating around?
Fair enough, I was flipping through the 100+ issues looking for something to help with and was a bit overcome/scattered by so many ... I'll say spurious, for lack of a better word ... requests. This particularly was a bit counter-intuitive to what I have learned as best firewall logging practice, so it feels unlikely to be implemented even if coded into fail2ban. Just my two cents :)
ok -- tagged with a brand new tag and closed to improve SNR on the issue tracker ;)
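The recipe discussed in the thread (iptables LOG with a log-prefix, plus a filter regex over the syslog output), sketched as an added example that is not code from fail2ban or from any commenter. The prefix `F2B-DROP: `, the host name `gw`, the sample lines and the IPv4-only `<HOST>` expansion are assumptions made for illustration; the counting loop is a simplified stand-in for what a jail's maxretry and findtime settings express.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed rule feeding the log (the prefix string is a made-up example):
#   iptables -A INPUT -j LOG --log-prefix "F2B-DROP: "
LOG_PREFIX = "F2B-DROP: "

# fail2ban-style failregex. Anchoring on the syslog header and the "kernel" tag
# keeps messages written by other programs from counting as firewall hits.
FAILREGEX = (r"^\S+\s+\d+ [\d:]{8} \S+ kernel: .*" + re.escape(LOG_PREFIX)
             + r".*\bSRC=<HOST>\s")
# Simplified IPv4-only stand-in for fail2ban's <HOST> substitution.
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

def find_bans(lines, maxretry=3, findtime=timedelta(seconds=60), year=2024):
    """Return hosts, in order, that reach maxretry matches within findtime."""
    hits, banned = defaultdict(deque), []
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        window = hits[m["host"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

# Constructed sample lines (documentation address ranges), not real traffic.
def _line(clock, tag, src):
    return (f"Mar  3 {clock} gw {tag}: [ 1042.1] {LOG_PREFIX}IN=eth0 OUT= "
            f"SRC={src} DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51514 DPT=23 SYN ")

SAMPLE = [
    _line("10:00:01", "kernel", "203.0.113.7"),
    _line("10:00:02", "kernel", "198.51.100.20"),
    _line("10:00:03", "myapp[311]", "192.0.2.66"),   # user-space text, not netfilter
    _line("10:00:04", "myapp[311]", "192.0.2.66"),
    _line("10:00:05", "kernel", "203.0.113.7"),
    _line("10:00:06", "myapp[311]", "192.0.2.66"),
    _line("10:00:09", "kernel", "203.0.113.7"),      # third hit within 60 s
    _line("10:02:30", "kernel", "198.51.100.20"),    # too spread out to count
    _line("10:05:00", "kernel", "198.51.100.20"),
]

if __name__ == "__main__":
    print(find_bans(SAMPLE))
```
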