On 4/20/2012 9:25 AM, Tilman Schmidt wrote:
> On 20.04.2012 08:02, Bob Hoffman wrote:
>> action = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp]
>
> I prefer action = iptables-allports on all of these, so that a
> source address attempting a bruteforce attack on one service is
> immediately banned from all services. I can't imagine a scenario
> where a machine that got blocked, for example, for attempting to
> bruteforce passwords via SMTP AUTH, should be allowed to try via
> FTP next. Even password attempts against ssh, which accepts only
> public key authentication on all my machines, trigger a block on
> all ports. So far I haven't had a single complaint about that.
>
>> service fail2ban start
>> chkconfig fail2ban on
>> service iptables restart (not sure if you have to or not with each
>> fail2ban restart)
>
> I don't think you have to. I never do, and it works fine anyway.

I will try the 'all ports' for sure, that was what I wanted.

Logwatch, as it comes with CentOS, does not have any scripts at all for fail2ban; mine were pretty devoid of anything. I added the 7.4 stuff and am playing with it now.

I have seen no logging yet of any attempts, nor do I know any way of seeing if it works. Will post the final solution if I ever see it working.
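One way of seeing whether the jails are actually firing, as an added example that is not part of this thread: a small Python script that reads fail2ban's own log and summarizes Ban/Unban events per jail. It assumes the 0.8-era log layout (`fail2ban.actions: WARNING [jail] Ban <ip>`); the log lines below are constructed, not taken from the poster's machine.

```python
import re
from collections import Counter

# Constructed sample in the layout fail2ban 0.8 writes to /var/log/fail2ban.log
# (assumption: "<date> <time> fail2ban.actions: WARNING [<jail>] Ban|Unban <ip>").
SAMPLE_LOG = """\
2012-04-20 08:01:12,345 fail2ban.actions: WARNING [ApacheAuth] Ban 192.0.2.10
2012-04-20 08:03:40,001 fail2ban.actions: WARNING [ssh-iptables] Ban 198.51.100.7
2012-04-20 08:05:02,777 fail2ban.filter : INFO   Log rotation detected for /var/log/secure
2012-04-20 08:09:44,120 fail2ban.actions: WARNING [ApacheAuth] Ban 203.0.113.5
2012-04-20 08:11:12,345 fail2ban.actions: WARNING [ApacheAuth] Unban 192.0.2.10
2012-04-20 08:15:00,000 fail2ban.actions: WARNING [ssh-iptables] Ban 198.51.100.7
"""

# Only the actions lines carry ban events; filter/server chatter is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) fail2ban\.actions\s*: WARNING \[(?P<jail>[^\]]+)\] "
    r"(?P<event>Ban|Unban) (?P<ip>\S+)$"
)


def parse_events(text):
    """Yield (timestamp, jail, event, ip) for each Ban/Unban line in the log."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("jail"), m.group("event"), m.group("ip")


def summarize(text):
    """Per jail: ban/unban counts, addresses still banned, and repeat offenders."""
    stats = {}
    for _ts, jail, event, ip in parse_events(text):
        s = stats.setdefault(jail, {"bans": 0, "unbans": 0, "active": set(), "seen": Counter()})
        if event == "Ban":
            s["bans"] += 1
            s["active"].add(ip)
            s["seen"][ip] += 1
        else:
            s["unbans"] += 1
            s["active"].discard(ip)
    # An address banned more than once in the same jail came back after its ban expired.
    return {
        jail: {
            "bans": s["bans"],
            "unbans": s["unbans"],
            "active": sorted(s["active"]),
            "repeat": sorted(ip for ip, n in s["seen"].items() if n > 1),
        }
        for jail, s in stats.items()
    }


if __name__ == "__main__":
    for jail, s in summarize(SAMPLE_LOG).items():
        print(f"{jail}: {s['bans']} bans, {s['unbans']} unbans, "
              f"active={s['active']}, repeat={s['repeat']}")
```

Replace `SAMPLE_LOG` with the contents of `/var/log/fail2ban.log` to run it against a real box; an empty summary means no jail has banned anything yet.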