From: Tyler J. W. <ty...@to...> - 2011-03-18 08:11:55

On Thu, 2011-03-17 at 23:40 -0400, Yehuda Katz wrote:
> The server that I am working on now is not my first
> iptables experience, but it is my first fail2ban and
> webmin experience.
> One of the first things I did on my current server though, was install
> fail2ban (the nasty traffic hit within minutes of the server coming
> online).

This is a standard problem of fail2ban assuming it must insert all its rules for you, and any tool that wants to manage them. That alone isn't a problem. The problem is when the firewall manager (even something as simple as someone reloading them with iptables-restore) overwrites the rules fail2ban inserted.

My solution was to add fail2ban rules into my standing firewall config:

    :fail2ban-ssh - [0:0]
    :fail2ban-postfix - [0:0]
    -A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
    -A INPUT -p tcp -m tcp -m multiport -j fail2ban-postfix --dports 25,587
    ...

and modify fail2ban's config to only add/remove ban rules to the appropriate chains. See the attached, which works on the fail2ban from hardy to today.

Regards,
Tyler

--
"The hottest places in Hell are reserved for those who, in times of moral crisis, preserved their neutrality." -- Dante
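The attachment Tyler refers to is not part of the page. The following is an added example of what such a modified fail2ban action file looks like; it is not Tyler's attachment and not fail2ban's stock action.d/iptables.conf. It assumes the standing firewall config already declares the fail2ban-<name> chains and the INPUT jumps (as in the snippet above), and the file path and action name are hypothetical.

```ini
# Hypothetical /etc/fail2ban/action.d/iptables-existing-chain.conf
# (added example, not the attachment from the original message).
# Assumes the chain fail2ban-<name> and its INPUT jump are created by the
# standing firewall config loaded with iptables-restore, so fail2ban must
# never create, delete, or re-insert them itself.

[Definition]
# Do not create the chain or insert the INPUT jump; the firewall config owns
# both. Only empty the chain at startup so bans from a previous run don't
# linger. If the chain is missing, this fails and fail2ban logs an error
# instead of silently rebuilding something it does not own.
actionstart = iptables -F fail2ban-<name>

# On stop, leave the chain and the INPUT jump in place; just drop the bans.
actionstop = iptables -F fail2ban-<name>

# Run before every ban/unban. A non-zero exit (chain gone, e.g. wiped by a
# firewall reload that forgot the chain declaration) makes fail2ban treat the
# action environment as broken and re-initialise it.
actioncheck = iptables -n -L fail2ban-<name> >/dev/null

# Ban and unban touch only the per-service chain, never INPUT, so a
# firewall reload cannot leave a stale fail2ban jump behind.
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP

[Init]
# <name> is supplied by the jail, e.g. action = iptables-existing-chain[name=ssh]
# selects the chain fail2ban-ssh declared in the firewall config.
name = default
```

In jail.local the ssh jail would then use `action = iptables-existing-chain[name=ssh]` and the postfix jail `action = iptables-existing-chain[name=postfix]`, matching the two chain names declared in the firewall config. One caveat worth knowing: reloading that config with iptables-restore recreates `fail2ban-ssh` and `fail2ban-postfix` empty, so bans active at that moment are lost until the offender trips the filter again, but the chains and jumps survive and every later ban still lands where it should.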