[CentOS] Fail2Ban

Sun Mar 1 22:50:01 UTC 2009
John Hinton <webmaster at ew3d.com>

Agile Aspect wrote:
> Devraj Mukherjee wrote:
>   
>> Hi all,
>>
>> I am trying to get fail2ban going on my server and its log message
>> reports the following error
>>
>> 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
>> fail2ban-SSH' returned 256
>> 2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh
>> -j fail2ban-SSH
>>
>> Is this because of the way the RedHat tool sets up the firewall?
>>
>> Thanks for any responses.
>>
>>   
>>     
> First, have you installed iptables, shorewall, and tcp-wrappers?
>
> Second, have you tried the failed grep expression, i.e., have
> you tried
>
>           iptables -L INPUT | grep -q fail2ban-SSH
>
> As to why this would fail, you need to ask on the fail2ban
> mailing list since evidently this appears to be part of the
> installation.
>
> The iptables can be setup by anyone - RedHat simply provides
> a default set of rules.
>
>   
Actually, it is a rather OS-dependent package and the rules for CentOS 
are difficult to write. That really doesn't belong on the fail2ban list 
either.

You don't need shorewall, just the standard CentOS firewall works fine. 
Just be sure to only enable iptables rules. I have rules working for 
several things: SSH attempts, Dovecot attempts, and a rule to block based 
on my Spamhaus setup so that the same spammer doesn't keep loading up 
sendmail with DNS queries. Now to try to figure out a rule for email 
dictionary attacks. Unfortunately the logs don't provide a good method 
of tying the reject to an IP address. RegEx... I'm very weak at RegEx.

John Hinton
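The two regex problems raised in this thread, as an added example that is not part of the original posts or of fail2ban itself: a fail2ban filter is a `failregex` line containing a `<HOST>` placeholder, which the daemon expands to an address pattern before compiling; a Dovecot "Aborted login" record carries the remote IP (`rip=`) on the same line, so one such regex is enough. The sendmail case John describes is harder because "User unknown" and the connecting relay are logged on separate lines and share only the queue id, which a single-line filter cannot correlate; the second half of the script shows that correlation as a stand-alone pre-processing step. The log lines are constructed for this example in the general shape of those records, the `<HOST>` expansion is an approximation of fail2ban's own, and the function names are ours. (Incidentally, the `returned 256` in Devraj's error is a raw wait status, i.e. `grep` exited 1: the `fail2ban-SSH` chain was not referenced from `INPUT` when fail2ban checked for it.)

```python
import re
from collections import Counter

# Constructed sample log (not from the original post). The line shapes follow
# Dovecot's "Aborted login" and sendmail's "User unknown"/"from=" records, but
# the hosts, users and queue ids are invented for this example.
SAMPLE_LOG = """\
Mar  1 22:40:01 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.2
Mar  1 22:40:03 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.2
Mar  1 22:40:05 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<root>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.2
Mar  1 22:40:09 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=198.51.100.77, lip=198.51.100.2
Mar  1 22:41:10 mail sendmail[1234]: n21MfA12345: <nobody1@example.com>... User unknown
Mar  1 22:41:10 mail sendmail[1234]: n21MfA12345: <nobody2@example.com>... User unknown
Mar  1 22:41:11 mail sendmail[1234]: n21MfA12345: from=<spammer@example.net>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[192.0.2.9]
Mar  1 22:41:20 mail sendmail[1240]: n21MfK12360: <nobody3@example.com>... User unknown
Mar  1 22:41:21 mail sendmail[1240]: n21MfK12360: from=<spammer@example.net>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[192.0.2.9]
Mar  1 22:42:30 mail sendmail[1251]: n21MgU12370: <typo@example.com>... User unknown
Mar  1 22:42:31 mail sendmail[1251]: n21MgU12370: from=<friend@example.org>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mail.example.org [198.51.100.80]
"""

# fail2ban filters are regexes with a <HOST> placeholder that the daemon
# expands to an address pattern before compiling. This is our own approximate
# expansion (IPv4, optionally in ::ffff: mapped form), not fail2ban's exact one.
HOST_RE = r"(?:::f{4,6}:)?(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def compile_failregex(failregex):
    """Expand <HOST> and compile, the way a fail2ban filter line is prepared."""
    return re.compile(failregex.replace("<HOST>", HOST_RE))


# Dovecot: the failed login and the remote IP (rip=) share one line, so a
# single failregex of the kind that goes into a fail2ban filter file suffices.
DOVECOT_FAILREGEX = compile_failregex(
    r"dovecot: (?:pop3|imap)-login: Aborted login \(auth failed, \d+ attempts\): .*rip=<HOST>,"
)

# Sendmail: the reject and the relay are on different lines; only the queue id
# (the token after the pid, e.g. n21MfA12345) ties them together.
SENDMAIL_QID = r"sendmail\[\d+\]: (?P<qid>\w+): "
SENDMAIL_REJECT = re.compile(SENDMAIL_QID + r"<[^>]*>\.\.\. User unknown")
SENDMAIL_RELAY = compile_failregex(SENDMAIL_QID + r"from=.*relay=(?:\S+ )?\[<HOST>\]")


def dovecot_failures(lines):
    """One offending IP per matching Dovecot log line."""
    return [m.group("host") for m in map(DOVECOT_FAILREGEX.search, lines) if m]


def sendmail_failures(lines):
    """One offending IP per 'User unknown', found by correlating on queue id.

    The reject and the from=/relay= line may arrive in either order, so both
    are buffered until the whole batch has been read, then joined.
    """
    rejects = Counter()   # qid -> number of unknown recipients in that session
    relay_ip = {}         # qid -> connecting IP
    for line in lines:
        m = SENDMAIL_REJECT.search(line)
        if m:
            rejects[m.group("qid")] += 1
            continue
        m = SENDMAIL_RELAY.search(line)
        if m:
            relay_ip[m.group("qid")] = m.group("host")
    hits = []
    for qid, n in rejects.items():
        ip = relay_ip.get(qid)
        if ip:               # rejects whose relay line never showed up are skipped
            hits.extend([ip] * n)
    return hits


def ban_candidates(lines, maxretry=3):
    """IPs that reached fail2ban's maxretry across both filters, sorted."""
    counts = Counter(dovecot_failures(lines) + sendmail_failures(lines))
    return sorted(ip for ip, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("dovecot :", Counter(dovecot_failures(lines)))
    print("sendmail:", Counter(sendmail_failures(lines)))
    print("ban     :", ban_candidates(lines))
```

The Dovecot pattern can be dropped into a filter file as-is (fail2ban does the `<HOST>` expansion itself); `fail2ban-regex <logfile> <filterfile>` then reports which lines it matched, which is the quickest way to debug a regex against real logs. The sendmail correlation cannot be expressed as a single-line `failregex`, so in practice it would run as a separate step that writes one synthesized "reject from <ip>" line per hit to a file that a plain fail2ban filter watches.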