[CentOS] hosts.deny, fail2ban etc.

Wed Aug 4 22:22:56 UTC 2021
H <agents at meddatainc.com>

On 07/28/2021 08:44 AM, Jonathan Billings wrote:
> On Jul 27, 2021, at 16:43, H <agents at meddatainc.com> wrote:
>> |Running CentOS 7. I was under the impression - seemingly mistaken - that by adding a rule to /etc/hosts.deny such as ALL: aaa.bbb.ccc.* would ban all attempts from that network segment to connect to the server, ie before fail2ban would (eventually) ban connection attempts.
>> This, however, does not seem correct and I could use a pointer to correct my misunderstanding. How is hosts.deny used and what have I missed?
>> Is it necessary to run:
>>  iptables -I INPUT -s aaa.bbb.ccc.0/24 -j DROP
>> to drop incoming connection attempts from that subnet?
> Upstream openssh dropped support for tcp wrappers (hosts.deny) a while ago but RHEL had patched support back in for a while, but I believe it isn’t supported anymore. 
> For what it’s worth, if you use the fail2ban-firewalld package, it uses ipset rather than iptables, which is more efficient.  
> --
> Jonathan Billings
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

Noted, thank you.