Comments (6)
leeclemens
commented on May 16, 2024
Could you just log iptables to some file (using syslog) and have fail2ban watch that file? If you already have iptables logging through syslog, use the log-prefix and a fail2ban regex to look for it....seems simple enough to do out-of-band :)
A more user-friendly way to get this going is all I can think of regarding changes to fail2ban...a jail config and setting for the iptables/syslog regex to look for....
from fail2ban.
yarikoptic
commented on May 16, 2024
yes yes yes -- it should be indeed quite trivial to work out -- just might be dependent on syslog configuration on where it dumps the iptables logs, otherwise it is just trivial and would not require any fail2ban code change -- just an action (to set iptable's log actions), filter (to monitor corresponding log with dumped logs from iptables) + jail ;-)
from fail2ban.
leeclemens
commented on May 16, 2024
Seems excessive now that I think about it, would require logging every DROP/REJECT or inserting a rule where fail2ban does not usually (before any drop? dynamically somehow to see all traffic not explicitly accepted?). I'd probably suggest closing this Issue without further ideas.
from fail2ban.
yarikoptic
commented on May 16, 2024
well -- someone motivated could still come up with some recipe for piping those LOGs to fail2ban (thus avoiding permanent file storage) etc. Just a wishlist, so why not to keep it floating around?
from fail2ban.
leeclemens
commented on May 16, 2024
Fair enough, I was flipping through the 100+ issues looking for something to help with and was a bit overcome/scattered by so many ... I'll say spurious, for lack of a better word ... requests. This particularly was a bit counter-intuitive to what I have learned as best firewall logging practice, so feel unlikely to be implemented even if coded into fail2ban. Just my two-cents :)
from fail2ban.
yarikoptic
commented on May 16, 2024
ok -- tagged with a brand new tag and closed to improve SNR on the issue tracker ;)
from fail2ban.
Related Issues (20)
- [RFE]: Document upgrade (in)compatibility HOT 1
- [FR]: nginx-limit-conn.conf HOT 1
- [BR]: wont run HOT 1
- [BR]: iptables action: no chains after start HOT 3
- [BR]: systemd-journal - Fail2Ban doesn't see all log records that journalctl does HOT 2
- unable to create multiple logs folders in logpath HOT 2
- [BR]: OOM (f2b/a.sshd invoked oom-killer) HOT 3
- Fail2ban unable to start in ubuntu 24.04 container HOT 2
- [RFE]: ASN/Country based ban using IPinfo's free IP to Country ASN MMDB database
- [BR]: ignoreregex are ignored if the line does not match "failregex" (making them more like "ignorematchingregex") HOT 1
- [FR]: I want to ban every host in log but I can't figure it out. HOT 3
- [FR]: coturn.log regex filter HOT 6
- [RFE]: Mix `<fid>` and `<ip>` in a ban action HOT 2
- [BR]: fail2ban complains about missing key in the default config file HOT 1
- [BR]: dpkg: warning: unable to delete old directory '/usr/lib/systemd/system': Directory not empty HOT 1
- [FR]: Fail2Ban stops functioning periodically without any evident reason HOT 1
- [BR]: ERROR: cannot import name 'MutableMapping' from 'collections' (/usr/lib/python3.11/collections/__init__.py) HOT 4
- [BR]: Jail works but no chain created in iptables HOT 4
- [BR]: STDIN is closed and triggers libuv error in external programs during actionban HOT 8
- [FR]: sshd failed login attempts not detected? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fail2ban.