Summary: | net-analyzer/fail2ban /etc/init.d/fail2ban should depend() on iptables ("need") | |
---|---|---|---
Product: | Gentoo Linux | Reporter: | Raphael Marichez (Falco) (RETIRED) <falco>
Component: | New packages | Assignee: | Gentoo Netmon project <netmon>
Status: | RESOLVED INVALID | |
Severity: | minor | CC: | cyril.jaquier
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Package list: | | Runtime testing required: | ---
Description
Raphael Marichez (Falco) (RETIRED)
2006-06-14 15:31:50 UTC
Hi, Fail2ban can work with tcp wrapper, shorewall or anything else too. Netfilter (iptables) was the first implemented and seems to be the most popular. Iptables is not mandatory but is the default solution in order to ban aggressive hosts. Moreover, Fail2ban should handle a firewall restart quite well. It should check that the chain fail2ban-ssh is present and if it is not the case, Fail2ban should recreate it on the next failure. Thus, I suggest leaving "after iptables".

shouldn't it be restarted after shorewall restart too?

(In reply to comment #2)
> shouldn't it be restarted after shorewall restart too?

When using the "iptables" action, Fail2ban will check before banning a new host that some requirements are met such as the existence of a given chain. If this check fails, Fail2ban will recreate the chain and thus restore a proper environment. So it shouldn't be a big problem.

Fail2ban restores the fail2ban-ssh chain when it needs to add a new rule
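The check-then-recreate behaviour described in the replies above, as an added shell example that is not part of this bug discussion and not fail2ban's own action code. The chain name fail2ban-ssh comes from the bug; the exact rule layout and the IPTABLES override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not fail2ban's own action code: check that the ban chain
# still exists before banning, and rebuild it if a firewall restart flushed it.
# IPTABLES may point at a wrapper (assumption, used for offline testing);
# the rule layout mirrors a typical iptables ban chain and is an assumption.
IPTABLES=${IPTABLES:-iptables}
CHAIN=${CHAIN:-fail2ban-ssh}
PORT=${PORT:-ssh}

# Does the ban chain still exist? (the pre-ban requirement check)
chain_exists() {
    "$IPTABLES" -n -L "$CHAIN" >/dev/null 2>&1
}

# Create the chain and hook it into INPUT for the protected port.
chain_start() {
    "$IPTABLES" -N "$CHAIN" &&
    "$IPTABLES" -A "$CHAIN" -j RETURN &&
    "$IPTABLES" -I INPUT -p tcp --dport "$PORT" -j "$CHAIN"
}

# Ban one host: if the chain is gone (e.g. after /etc/init.d/iptables
# restart removed it), rebuild it first, then insert the DROP rule.
ban_host() {
    chain_exists || chain_start || return 1
    "$IPTABLES" -I "$CHAIN" 1 -s "$1" -j DROP
}
```

Because the chain is recreated on the next ban rather than at startup, the init script only needs "after iptables", not "need iptables", which is the point the bug was closed on.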