
List:       fail2ban-users
Subject:    [Fail2ban-users] Fail2Ban and FirewallD
From:       Ivan Demkovitch <idemkovitch () yahoo ! com>
Date:       2015-05-05 14:24:49
Message-ID: 3F2E3036-B0F5-45A4-864C-643BEFD8971F () yahoo ! com

Hello list!

I'm still dealing with various issues setting up Fail2Ban with Asterisk on CentOS7. I'm wondering if many people (or any at all) use FirewallD?

http://sourceforge.net/p/fail2ban/mailman/message/34077735/

I did make some progress though. I started to run each of the firewallcmd-ipset commands individually, read manuals, etc. And I found some issues. Not sure where and how it needs to be fixed for the future:

#1. ipset needs to be enabled in firewalld. In my base CentOS7 install it wasn't. It behaves like there is no issue and the commands run, but nothing happens.

	# Is IPsec enabled?
	firewall-cmd --zone=public --query-service=ipsec
	
	# No? Then enable it:
	firewall-cmd --zone=public --add-service=ipsec
	
	# and next reboot too:
	firewall-cmd --permanent --zone=public --add-service=ipsec

#2. jail.local's bantime parameter DOES NOT control ipset's ban time. Changes also need to be made to action.d/firewallcmd-ipset.conf (or I guess .local). It's not plug and play with the main setting. When I changed the main bantime, F2B was thinking and processing correctly (I did 86400), but the actual ban was for the 600 set in the action config and I was getting "already banned" after 10 minutes.

#3. Even though it mainly works now, there are still errors in the log on system reboot (see link to original message above). I'm pretty sure it is related to the fact that the machine is rebooting. It's not a problem on "systemctl restart fail2ban".


And finally, I wonder why there is no Action for pure firewall-cmd? There are rich rules that can be added and removed in a very similar/simple way. I was using them manually and they work great, at least for plain IP banning. Is it because firewallD is pretty new, or was there a problem using it in such a way?

P.S. I think there is 1 more rule missing for Asterisk, as I see it's trying to ban my own internal IP (which I excluded, but it's more of a rule problem).

Ivan
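As an added example (not fail2ban's own firewallcmd-ipset action and not code from Ivan's message), the rich-rule approach from the last paragraph written as a small ban/unban script: the firewalld-side expiry (`--timeout`) is taken from the bantime the caller passes in, so the firewall cannot drop the ban before fail2ban does, which is the mismatch described in #2. The script name, the `FIREWALL_CMD` and `ZONE` variables and the address check are assumptions.

```shell
#!/bin/sh
# Added example: ban/unban one address with a firewalld rich rule.
# FIREWALL_CMD and ZONE are overridable so the functions can be exercised
# without a running firewalld (assumed names, not fail2ban's).
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# Build the rich rule text for one address; the family is chosen from the
# literal (a colon means IPv6).
rich_rule() {
    ip="$1"
    case "$ip" in
        *:*) family=ipv6 ;;
        *)   family=ipv4 ;;
    esac
    printf 'rule family="%s" source address="%s" reject' "$family" "$ip"
}

# Only accept bare IPv4/IPv6 literals: no spaces, quotes or shell
# metacharacters may reach the rule text or the firewall-cmd argument list.
valid_ip() {
    case "$1" in
        ''|*[!0-9a-fA-F:.]*) return 1 ;;
    esac
    return 0
}

# ban <ip> <bantime-seconds>: runtime rule whose firewalld expiry equals the
# jail's bantime, instead of a value hard-coded in the action file.
ban() {
    valid_ip "$1" || return 2
    "$FIREWALL_CMD" --zone="$ZONE" --add-rich-rule="$(rich_rule "$1")" --timeout="$2"
}

# unban <ip>: remove the same rule text that ban added.
unban() {
    valid_ip "$1" || return 2
    "$FIREWALL_CMD" --zone="$ZONE" --remove-rich-rule="$(rich_rule "$1")"
}

# Dispatch so an action's actionban/actionunban lines can call the script.
case "${1:-}" in
    ban)   ban "$2" "$3" ;;
    unban) unban "$2" ;;
esac
```

Because the rule is a runtime (non-permanent) rule with a timeout, a reboot clears it, which matches how fail2ban re-applies bans from its database on restart.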

