Hello,

J. Bakshi wrote:
>
> fail2ban is a popular application to prevent brute-force attacks
> against ssh and also against imap, pop3 etc. But fail2ban actually
> blacklists the IP, and this is what fail2ban has been designed for. Nowadays
> we can design the same with iptables. I wonder if iptables can
> provide more liberty to match IP as well as port combinations so that we
> don't need to blacklist the IP but only block the attempts from the IP
> based on port. Say more than 3 ssh attempts from IP xxx.xxx.xxx.xxx are
> detected and no more ssh attempts from the same IP are possible,
> but pop and imap still work. Is it really possible with iptables?

Detected how? fail2ban detects authentication failures by parsing the
server logs. iptables cannot do this, and IMHO should not do this. This
is just not its purpose.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
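To illustrate the point of the reply, here is an added example (not from either poster, and not fail2ban's own code) of the two steps fail2ban performs that iptables alone cannot: parsing sshd failure lines from the auth log to count attempts per source IP, then emitting a rule scoped to the ssh port only, so pop3/imap from the same address stay reachable. The log excerpt, the threshold and the rule format are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample auth.log excerpt (not from the thread): 4 failures from
# 203.0.113.7, 1 failure from 198.51.100.9, plus an unrelated successful login.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:05 host sshd[2101]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar  3 10:01:09 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 10:01:12 host sshd[2105]: Accepted publickey for alice from 192.0.2.10 port 40110 ssh2
Mar  3 10:01:15 host sshd[2107]: Failed password for bob from 198.51.100.9 port 33001 ssh2
Mar  3 10:01:20 host sshd[2109]: Failed password for root from 203.0.113.7 port 51250 ssh2
"""

# Matches an sshd password-failure line and captures the source IP; this is the
# kind of failregex a fail2ban filter applies to the log, and the step iptables has no view of.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+"
)


def count_failures(log_text):
    """Return a Counter of failed ssh logins per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def offenders(log_text, maxretry=3):
    """IPs with more than maxretry failures (the 'more than 3 attempts' case from the question)."""
    return sorted(ip for ip, n in count_failures(log_text).items() if n > maxretry)


def block_rule(ip, port=22):
    """iptables rule that drops only TCP port 22 (ssh) from this IP; pop3/imap are untouched."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"


if __name__ == "__main__":
    for ip in offenders(SAMPLE_AUTH_LOG):
        print(block_rule(ip))
```

Running it prints one rule for 203.0.113.7 only; 198.51.100.9, with a single failure, stays below the threshold.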