On 4/20/2012 2:24 AM, Bob Hoffman wrote:
If I could add something: definitely put ports, if numbers, in quotes. Without quotes I got some errors in the logs. port=ftp, no quotes; port="2222", quotes.
And I added one for vsftp; I use port 5000.
    [vsftpd-iptables]
    enabled = true
    filter = vsftpd
    action = iptables[name=VSFTPD, port="5000", protocol=tcp]
    logpath = /var/log/vsftpd.log
    maxretry = 5
    bantime = 1800

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
My final addition on this tonight.
Due to the older versions of 'whatever' CentOS uses, there will be errors on startup of fail2ban regarding multiport jails. To avoid these errors it was suggested to add a sleep mechanism to the startup commands in the proper file:
/etc/fail2ban/action.d/iptables-multiport.conf
I added a sleep line, sleep `perl -e 'print rand(3);'`, at line 14 and dropped everything down one line to make room for it:
    actionstart = sleep `perl -e 'print rand(3);'`
                  iptables -N fail2ban-<name>
                  iptables -A fail2ban-<name> -j RETURN
                  iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
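The two points raised in this thread (quote numeric port values in the action arguments, and stagger the actionstart commands so several multiport jails do not hit iptables at the same instant) as an added, runnable example. This is not code from the thread or from the fail2ban project. It assumes a constructed jail.local sample (only the vsftpd stanza mirrors the post; the ssh and mail jails are made up to exercise the checker), substitutes an awk one-liner for the perl rand(3) sleep, and treats the port= check as a heuristic over the bracket-argument syntax only. It never calls iptables; the start sequence is rendered as a dry run.

```shell
#!/bin/sh
# Added example, not code from the thread or from fail2ban.
# (1) flag action= lines whose port= value is not double-quoted
# (2) expand the iptables-multiport actionstart template the way fail2ban
#     substitutes <name>, <protocol> and <port>, with a random stagger.

# Constructed sample jail.local (assumption: only the vsftpd jail is from the post).
SAMPLE_JAIL='[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=2222, protocol=tcp]
logpath = /var/log/secure
maxretry = 5

[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port="5000", protocol=tcp]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800

[mail-multiport]
enabled = true
filter = postfix
action = iptables-multiport[name=MAIL, port=smtp,465,submission, protocol=tcp]
logpath = /var/log/maillog
'

# Print every action= line whose port= value is not wrapped in double quotes.
# The value is cut at the first comma or closing bracket, so an unquoted list
# such as port=smtp,465,submission shows up as just "smtp" and gets flagged.
unquoted_port_lines() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*action[[:space:]]*=/ && match($0, /port=[^],]*/) {
            val = substr($0, RSTART + 5, RLENGTH - 5)
            if (val !~ /^".*"$/) print
        }'
}

# Number of offending lines, for scripting.
count_unquoted_ports() {
    unquoted_port_lines "$1" | awk 'END { print NR }'
}

# Expand the actionstart template from iptables-multiport.conf. By the time
# fail2ban runs the action the quotes around the jail's port value are gone,
# so "5000" arrives here as 5000. Assumes no "/" in the substituted values.
render_actionstart() {
    name=$1; proto=$2; ports=$3
    sed -e "s/<name>/$name/g" -e "s/<protocol>/$proto/g" -e "s/<port>/$ports/g" <<'EOF'
iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
EOF
}

# Random stagger in [0,3) seconds, an awk stand-in for: sleep `perl -e 'print rand(3);'`
random_stagger_seconds() {
    awk 'BEGIN { srand(); printf "%.2f\n", rand() * 3 }'
}

# Dry run: print, rather than execute, what a staggered start would do.
dry_run_start() {
    printf 'sleep %s\n' "$(random_stagger_seconds)"
    render_actionstart "$1" "$2" "$3"
}

echo "== action lines with an unquoted port= value =="
unquoted_port_lines "$SAMPLE_JAIL"
echo "== staggered actionstart for the vsftpd jail (dry run) =="
dry_run_start VSFTPD tcp 5000
```

Running it prints the ssh and mail action lines as offenders (2222 and smtp,465,submission are unquoted) and leaves the vsftpd line alone, then shows the four commands a staggered start would issue. The checker deliberately ignores `port =` keys outside the `action[...]` brackets; extend the awk pattern if your jails set ports that way.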