Difference between revisions of "Talk:Features"

From Fail2ban

Revision as of 01:19, 22 March 2011

Support for BSD ip or pf

Would it be possible to add support for BSD ip or pf?


See [1] for some script that does this.

It is copied below for convenience

list of banned addresses
sudo pfctl -t fail2ban -T show

Chris Jones - 2009.06.17


# PF jail


enabled = true
filter  = sshd
action  = pf
          sendmail-whois[name=SSH, dest=email at domain.com]
logpath = /var/log/auth.log




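[Definition]
actionstart = 
actionstop = 
actioncheck = 
actionban = pfctl -t fail2ban -T add <ip>
# Pass the address straight to pfctl: selecting entries with an unanchored grep over the table listing also matches other addresses that contain <ip>
actionunban = pfctl -t fail2ban -T delete <ip>

[Init]
port = ssh
localhost =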



table <fail2ban> persist
block in on $ext_if from <fail2ban>
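
Added example, not part of the original post: an unban that picks table entries by piping `pfctl -t fail2ban -T show` through an unanchored `grep <ip>` can release more addresses than the one requested. The table listing below is constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample standing in for `pfctl -t fail2ban -T show` output
# (RFC 5737 documentation addresses; pfctl indents each entry).
table_show() {
    printf '   %s\n' 192.0.2.1 192.0.2.10 192.0.2.100 192.0.2.200 198.51.100.7
}

# What `... -T show | grep <ip>` expands to: every entry that merely
# contains the pattern (the dots are regex wildcards as well).
select_with_grep() {
    table_show | grep "$1"
}

# Exact selection: compare the whole address field with the requested IP.
select_exact() {
    table_show | awk -v ip="$1" '$1 == ip { print $1 }'
}

# Number of table entries a selector would hand to `pfctl -T delete`.
count_selected() {
    "$1" "$2" | wc -l | tr -d ' '
}

# Report over-matching for one unban request; non-zero means the loose
# selector would lift bans on addresses other than the requested one.
audit_unban() {
    ip=$1
    loose=$(count_selected select_with_grep "$ip")
    exact=$(count_selected select_exact "$ip")
    if [ "$loose" -gt "$exact" ]; then
        echo "unban $ip: grep selects $loose entries, exact match selects $exact"
        return 1
    fi
    echo "unban $ip: selection is exact ($exact entry)"
    return 0
}

audit_unban 192.0.2.1 || true
audit_unban 198.51.100.7
```
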

Banning entire countries' IPs

Please support banning of entire countries, see also Talk:HOWTO_use_geoiplookup and Feature tracker on SourceForge.

Automatic abuse mail sending

Would it be possible to add a hook that can detect the abuse mail for that IP (with whois at first, and maybe some better tool afterwards) and send an automatic email to the abuse address with the incriminated portion of the log?

It can be useful in 2 cases:

  • a hoster can know that someone is misusing its service. And if not, some server is hacked and must be reinstalled.
  • the user of a server can receive an abuse mail without knowing his box is hacked, so he can take action to get his box clean.

I think it's a virtuous circle IF the abuse mail is treated as it should be ;)

Munin/cacti/rrd action?

The asynchronous file survey is awesome in terms of efficiency compared to the "grep pattern | wc -l" shipped with cacti or munin.

I am already developing a counter updater (that I later use with munin) in Perl that I use as an action in fail2ban, but (I guess it's not development but a cookbook) couldn't that be generalized?

In this case, maybe lordOfTheFile (one program to survey them all) would be a better name than fail2ban :)

Fail2ban has the means to be a cool platform to get rid of archaic scripts for server survey. And as for munin, it is a specialized, efficient tool. Those two projects are really complementary.

Add a success filter to reset the retry counter

There is currently no way to reset the retry counter for an IP if that IP made a successful login. It would be useful to have a filter rule that detects a successful login from that HOST. The default action could reset the counter. This would also better match with the expectation of a common user.