Dear list,

fail2ban is a popular application to prevent brute-force attacks against ssh and also against imap, pop3, etc. But fail2ban actually blacklists the IP, and this is what fail2ban has been designed for. Nowadays we can design the same with iptables. I wonder if iptables can provide more liberty to match the IP as well as port combination, so that we don't need to blacklist the IP but only block the attempts from the IP based on port. Say more than 3 ssh attempts from IP xxx.xxx.xxx.xxx are detected, and no more ssh attempts from the same IP are possible, but pop and imap still work.

Is it really possible with iptables? Any idea?

Thanks

--
জয়দীপ বক্সী