On Saturday 2010-04-17 18:01, Alessandro Vesely wrote: > On 16/Apr/10 09:28, Jan Engelhardt wrote: >> On Friday 2010-04-16 05:57, J. Bakshi wrote: >>> >>> fail2ban is a popular application to prevent the brute-force attack >>> against ssh and also against imap, pop3 etc.. But fail2ban actually >>> blacklist the IP and this is what fail2ban has been designed for. >>> Now a days [nowadays] we can design the same with iptables. >> >> fail2ban has the ability - if I read its own short description right - to >> already use various blocking methods, including not only /etc/hosts.deny >> but also iptables. > > I don't think it uses netfilter, though. I've read it has to restart a daemon > in order to unlist an IP --not sure it's still so for the current version. Better know than think. N.B.: If what http://en.wikipedia.org/wiki/Fail2ban says is not correct, by all means you should correct it. Besides, if it is accurate, it uses iptables, not directly Netfilter. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
