Author: Keith Christian
Date:  
To: dng
Subject: Re: [DNG] nftables firewall and fail2ban replacement.
A technique I learned is to use the "fail2ban-regex" command with a
log file sample containing actual traffic that you want banned.

E.g. for Apache logs from the shell prompt:

$ fail2ban-regex /path/to/apache/logs/access_log.????.??.??-??_??_?? \
    /etc/fail2ban/filter.d/apache-404.conf

You'll get a report if the regexes in the apache-404.conf or whatever
filter you're using are detecting traffic or not, according to whatever
jail file is in use.

I'm sure that with your experience in Fail2ban, you already
double-check all the settings in the jail file like logpath, maxretry,
findtime, and bantime.
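
Added example (not part of the original message, and not fail2ban's own code): a Python sketch of the kind of dry run described above, applying a failregex to sample log lines and reporting which lines match, which are missed, and which hosts reach maxretry. The failregex, the IPv4-only stand-in for <HOST>, and the log lines are assumptions constructed for illustration, since the message does not show the contents of apache-404.conf; findtime is ignored, so all sample lines are treated as one window.

```python
import re
from collections import Counter

# Assumed failregex for a 404 filter (hypothetical; not taken from apache-404.conf).
FAILREGEX = r'^<HOST> \S+ \S+ \[[^\]]+\] "[A-Z]+ \S+ [^"]*" 404 '

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only in this sketch).
HOST_GROUP = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'

# Constructed Apache combined-format lines using documentation address ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "curl"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /admin.php HTTP/1.1" 404 196 "-" "curl"
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /.env HTTP/1.1" 404 196 "-" "curl"
198.51.100.23 - - [12/Mar/2024:10:01:00 +0000] "GET /old-page HTTP/1.1" 404 196 "-" "Mozilla"
192.0.2.10 - - [12/Mar/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla"
192.0.2.10 - - [12/Mar/2024:10:02:05 +0000] "GET /errors/404 HTTP/1.1" 200 512 "-" "Mozilla"
"""


def dry_run(failregex, log_text, maxretry):
    """Return (hits per host, unmatched lines, hosts with hits >= maxretry)."""
    pattern = re.compile(failregex.replace('<HOST>', HOST_GROUP))
    hits = Counter()
    missed = []
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group('host')] += 1
        else:
            missed.append(line)
    # A host is a ban candidate once its failure count reaches maxretry.
    would_ban = sorted(host for host, count in hits.items() if count >= maxretry)
    return hits, missed, would_ban


if __name__ == "__main__":
    hits, missed, would_ban = dry_run(FAILREGEX, SAMPLE_LOG, maxretry=3)
    print(f"matched: {sum(hits.values())}  missed: {len(missed)}")
    for host, count in hits.most_common():
        print(f"  {host}: {count} failure(s)")
    print("would ban:", ", ".join(would_ban) or "nobody")
```

The last sample line has 404 in the URL path but a 200 status, so it lands in the missed list; a looser regex that matched it would ban legitimate clients.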