From: <yar...@us...> - 2010-06-29 01:34:15
Revision: 761
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=761&view=rev
Author: yarikoptic
Date: 2010-06-29 01:34:08 +0000 (Tue, 29 Jun 2010)
Log Message:
-----------
disabling entirely named-refused-udp jail with a big fat warning
Modified Paths:
--------------
branches/FAIL2BAN-0_8/config/jail.conf
Modified: branches/FAIL2BAN-0_8/config/jail.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/jail.conf 2010-06-22 14:33:05 UTC (rev 760)
+++ branches/FAIL2BAN-0_8/config/jail.conf 2010-06-29 01:34:08 UTC (rev 761)
@@ -211,15 +211,23 @@
 # in your named.conf to provide proper logging.
 # This jail blocks UDP traffic for DNS requests.
-[named-refused-udp]
+# !!! WARNING !!!
+# Since UDP is connectionless protocol, spoofing of IP and immitation
+# of illegal actions is way too simple. Thus enabling of this filter
+# might provide an easy way for implementing a DoS against a chosen
+# victim. See
+# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
+# Please DO NOT USE this jail unless you know what you are doing.
+#
+# [named-refused-udp]
+#
+# enabled = false
+# filter = named-refused
+# action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
+# sendmail-whois[name=Named, dest=yo...@ma...]
+# logpath = /var/log/named/security.log
+# ignoreip = 168.192.0.1
-enabled = false
-filter = named-refused
-action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
- sendmail-whois[name=Named, dest=yo...@ma...]
-logpath = /var/log/named/security.log
-ignoreip = 168.192.0.1
-
 # This jail blocks TCP traffic for DNS requests.
 [named-refused-tcp]
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
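Review bot: The commented-out example that the new block keeps still carries `# ignoreip = 168.192.0.1`, which is a publicly routable address rather than an RFC 1918 one and looks like a transposition of `192.168.0.1`; anyone who re-enables the jail is likely to copy it verbatim, so the example should read `# ignoreip = 192.168.0.1` or be dropped. The added warning has two wording slips worth fixing while the text is new: `# Since UDP is a connectionless protocol, spoofing of IP and imitation`. The warning states the spoofing-to-DoS risk but gives no guidance for an operator who decides to enable the jail anyway; a line such as `# If you must enable it, keep bantime short and add upstream resolvers and monitoring hosts to ignoreip` would limit the blast radius of a ban triggered by a forged source address, though bantime is not visible in this hunk so that is a suggestion rather than a checked default. The connectionless caveat does not carry over to the `[named-refused-tcp]` jail kept below, which is presumably why only the UDP variant is commented out.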