On 4/20/2012 9:25 AM, Tilman Schmidt wrote:
On 20.04.2012 08:02, Bob Hoffman wrote:
action = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp]

I prefer action = iptables-allports on all of these, so that a source address attempting a brute-force attack on one service is immediately banned from all services. I can't imagine a scenario where a machine that got blocked, for example, for attempting to brute-force passwords via SMTP AUTH, should be allowed to try via FTP next. Even password attempts against ssh, which accepts only public key authentication on all my machines, trigger a block on all ports. So far I haven't had a single complaint about that.
service fail2ban start
chkconfig fail2ban on
service iptables restart (not sure if you have to or not with each fail2ban restart)
I don't think you have to. I never do, and it works fine anyway.
I will try the 'all ports' for sure, that was what I wanted. Logwatch, as it comes with CentOS, does not have any scripts at all for fail2ban; mine were pretty devoid of anything. I added the 7.4 stuff and am playing with it now. I have seen no logging yet of any attempts, nor do I know any way of seeing if it works. Will post the final solution if I ever see it working.
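The two jail actions compared in this thread, side by side in one jail.local fragment. This is an added example, not a file from either poster: the jail name, log path and timing values are assumptions, and the bracketed parameter syntax is that of fail2ban 0.8.x, where the stock jail.conf writes a multi-port list quoted.

```ini
# /etc/fail2ban/jail.local (added example; settings here override jail.conf)
[DEFAULT]
# seconds a source stays banned
bantime  = 3600
# window in which maxretry failures must occur
findtime = 600
maxretry = 5

[apache-auth]
enabled  = true
filter   = apache-auth
# log path is an assumption (CentOS httpd default)
logpath  = /var/log/httpd/error_log
# Port-limited ban, the multiport form from the original post with the
# port list quoted. A banned source can still try SMTP AUTH, FTP or ssh.
#action  = iptables-multiport[name=ApacheAuth, port="80,443", protocol=tcp]
# All-port ban, Tilman's preference: one brute-force attempt against any
# service cuts the address off from every service on the host.
action   = iptables-allports[name=ApacheAuth, protocol=tcp]
```

To see whether the jail is doing anything after `service fail2ban restart`: `fail2ban-client status apache-auth` lists the jail's currently banned addresses, `iptables -L fail2ban-ApacheAuth -n` shows the chain the action created and the DROP rules in it, and `fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-auth.conf` runs the filter over the existing log and reports how many lines it would have matched, without banning anyone.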