:: Re: [DNG] nftables firewall and fai…
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Keith Christian
Fecha:  
A: dng
Asunto: Re: [DNG] nftables firewall and fail2ban replacement.
A technique I learned is to use the "fail2ban-regex" command with a
log file sample containing actual traffic that you want banned.

E.g. for Apache logs from the shell prompt:

$ fail2ban-regex /path/to/apache/logs/access_log.????.??.??-??_??_??
/etc/fail2ban/filter.d/apache-404.conf

You'll get a report if the regexes in the apache-404.conf or whatever
filter you're using is detecting traffic or not, according to whatever
jail file is in use.

I'm sure that with your experience in Fail2ban, you already
double-check all the settings in the jail file like logpath, maxretry,
findtime, and bantime.