On Friday 2010-04-16 05:57, J. Bakshi wrote:
>
>fail2ban is a popular application to prevent the brute-force attack
>against ssh and also against imap, pop3 etc.. But fail2ban actually
>blacklist the IP and this is what fail2ban has been designed for.
>Now a days [nowadays] we can design the same with iptables.

fail2ban has the ability - if I read its own short description right -
to already use various blocking methods, including not only
/etc/hosts.deny but also iptables.

>I wonder if iptables can
>provide more liberty to match IP as well as port combination so that we
>don't need to blacklist the IP but only block the attempts from the IP
>based on port. Say more than 3 ssh attempt from IP xxx.xxx.xxx.xxx is
>detected and no more ssh attempt from the same ip is no more possible
>but pop and imap still works. Is it really possible with iptables ? Any
>idea ?
>
>Thanks
>
>--
>জয়দীপ বক্সী
>
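
The per-port limit asked about in the quoted question can be expressed with the iptables `recent` match. The script below is an added example, not part of the original thread and not the reply author's; the helper name `port_limit_rules`, the list name `limit_tcp_<port>` and the 60-second window are assumptions. It counts new TCP connections to the port, not failed logins.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules that throttle NEW
# connections to one TCP port per source address. Other ports (pop3, imap)
# are untouched because every rule is pinned to --dport.
# Rules are printed, not applied; review them, then run them as root.

# port_limit_rules PORT MAX SECONDS [CHAIN]   (hypothetical helper name)
port_limit_rules() {
    plr_port=$1; plr_max=$2; plr_secs=$3; plr_chain=${4:-INPUT}
    for plr_v in "$plr_port" "$plr_max" "$plr_secs"; do
        case $plr_v in
            ''|*[!0-9]*) echo "PORT, MAX and SECONDS must be integers" >&2
                         return 1 ;;
        esac
    done
    if [ "$plr_port" -lt 1 ] || [ "$plr_port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi
    # The (MAX+1)th new connection inside the window is the first one dropped.
    plr_hit=$((plr_max + 1))
    # xt_recent keeps ip_pkt_list_tot (default 20) timestamps per address;
    # a larger --hitcount is rejected when the rule is loaded.
    if [ "$plr_hit" -gt 20 ]; then
        echo "MAX must be below 20 with the default ip_pkt_list_tot" >&2; return 1
    fi
    plr_m="-p tcp --dport $plr_port -m conntrack --ctstate NEW"
    plr_m="$plr_m -m recent --name limit_tcp_$plr_port --rsource"
    # Rule 1 has no target: it only records the source address and falls through.
    echo "iptables -A $plr_chain $plr_m --set"
    # Rule 2 drops once the address has plr_hit entries within the window.
    echo "iptables -A $plr_chain $plr_m --update --seconds $plr_secs --hitcount $plr_hit -j DROP"
}

# Demo with the numbers from the question: more than 3 ssh attempts.
# The 60-second window is an assumed value. Both rules must sit above any
# rule that ACCEPTs port 22, or they are never reached.
port_limit_rules 22 3 60
```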