[CentOS] hosts.deny, fail2ban etc.

Tue Jul 27 21:17:15 UTC 2021
Pete Biggs <pete at biggs.org.uk>

On Tue, 2021-07-27 at 16:43 -0400, H wrote:
> > Running CentOS 7. I was under the impression - seemingly mistaken -
> > that by adding a rule to /etc/hosts.deny such as ALL: aaa.bbb.ccc.*
> > would ban all attempts from that network segment to connect to the
> > server, ie before fail2ban would (eventually) ban connection
> > attempts.
> This, however, does not seem correct and I could use a pointer to
> correct my misunderstanding. How is hosts.deny used and what have I
> missed?

hosts.deny is only used by specific programs that use TCP wrappers. It
is not a general "deny this host access".

Also note that fail2ban operates on individual hosts, not subnets.

> Is it necessary to run:
>  iptables -I INPUT -s aaa.bbb.ccc.0/24 -j DROP
> to drop incoming connection attempts from that subnet?
If you use iptables yes, probably.  Firewalld has a specific drop zone
that you can use:

  firewall-cmd --zone=drop --add-source=aaa.bbb.ccc.0/24

(with suitable --permanent flag if you want it permanent).