From: René B. <rb...@ca...> - 2008-06-25 22:12:10
JW wrote:
> On Wednesday 25 June 2008 16:47:23 René Berber wrote:
>> JW wrote:
>>> I am using fail2ban to block ssh attacks.
>>>
>>> I have decided that if an IP is attacking my sshd, that I want to
>>> completely ban them from accessing the system on all ports, not just on
>>> ssh.
>>>
>>> My understanding is that the current default only bans them from attacking
>>> ssh.
>>>
>>> Can anyone tell me if there's a way to do that?
>> [snip]
>>
>> Just change your jail configuration to use action iptables-allports, IFF
>> using iptables. For tcp-wrappers action hostsdeny is already blocking
>> ALL, so no need for change.
>
> I'm using ip tables.
>
> So I can just change:
>
> [DEFAULT]
> banaction=iptables-new
>
> to:
>
> [DEFAULT]
> banaction = iptables-allports
>
> inside /etc/fail2ban/jail.local -- Is that correct?

I haven't used banaction, I would have changed the last line in:

[ssh-iptables]
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]

with:

action = iptables-allports[name=SSH, protocol=tcp]

but looking at the differences between those 2 actions I would guess
that your use might work just as well.

> BTW should this be in the wiki? The only place I see a mention of it is in the
> ChangeLog:
>
> http://www.fail2ban.org/wiki/index.php/ChangeLog

I bet it is in the manual.
--
René Berber
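A check for which enabled jails end up banning on all ports under the two configuration styles in this thread, added here as an example and not part of the original message or of fail2ban. The sample jail.local is constructed, and the script assumes a jail takes its ban action from its own `action` line, with `banaction` only mattering where that line references `%(banaction)s`.

```python
import configparser

# Constructed sample (not from a real host): one jail inherits the ban action
# from [DEFAULT] via banaction, the other sets its own action line.
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
banaction = iptables-allports
action = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"]

[ssh]
enabled = true
filter = sshd
port = ssh

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
"""

# Actions the thread describes as blocking every port.
ALL_PORT_ACTIONS = {"iptables-allports", "hostsdeny"}


def ban_scope(jail_text):
    """Map each enabled jail to (action names, 'all ports' or 'listed ports only')."""
    cp = configparser.RawConfigParser()  # raw: keep %(...)s references unexpanded
    cp.read_string(jail_text)
    report = {}
    for jail in cp.sections():  # [DEFAULT] is not listed, but its values are inherited
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        action = cp.get(jail, "action", fallback="%(banaction)s")
        # Only an action line that references banaction is affected by it.
        action = action.replace("%(banaction)s", cp.get(jail, "banaction", fallback=""))
        names = [ln.split("[", 1)[0].strip() for ln in action.splitlines() if ln.strip()]
        scope = "all ports" if ALL_PORT_ACTIONS & set(names) else "listed ports only"
        report[jail] = (names, scope)
    return report


if __name__ == "__main__":
    for jail, (names, scope) in ban_scope(SAMPLE_JAIL_LOCAL).items():
        print(f"{jail}: {', '.join(names)} -> {scope}")
```

Run against a real file by passing its contents to `ban_scope()`; a jail reported as "listed ports only" still needs its own `action` line changed.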