On Mon, Jan 16, 2006 at 07:59:58PM +0100, Marco Bertorello wrote:
> denyhosts can run on systems that don't have support for packet filtering,
> can fail2ban? :)
Actually, it can do that.
Since fail2ban can be configured to run ANY command to "ban" an IP, you
can add something like
fwban = "echo ssh <ip> >> /etc/deny.hosts"
fwunban = "perl -pi -e 's/^ssh <ip>$//g' /etc/deny.hosts"
or, with the recently changed general rule,
fwban = "echo %(__name__)s <ip> >> /etc/deny.hosts"
fwunban = "perl -pi -e 's/^%(__name__)s <ip>$//g' /etc/deny.hosts"
Just choose the names of the sections appropriately :-) or add another
"interpolation" name into the config file.
Feel free to mod the lines to your needs to make it truly functional.
That is the advantage of fail2ban: it is not really doomed to use
iptables, but prefers them since that is the best way (as the author(s) think).
You are free to choose an alternative way to ban if you want to do so.
> BTW, why "keep it away from the archive" ?
> Users that can choose are happy users :)
I agree! Also, it forces authors and maintainers to add more features
which might be present in the other package. Also, in time it will be
interesting to see which package will be the preference among the users :-))
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
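
Added example, not part of the original message and not fail2ban's own code: shell helpers for the deny-file ban and unban described above, which validate the section name and address, avoid duplicate entries, and remove a line outright instead of blanking it. DENY_FILE and the function names valid_entry, is_banned, ban_ip and unban_ip are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: DENY_FILE and all function names are assumptions,
# not fail2ban settings. Entries use the "<section> <ip>" layout above.
DENY_FILE="${DENY_FILE:-/etc/deny.hosts}"

# Accept only a plain section name and a dotted-quad IPv4 address, so a
# value lifted from a log line cannot add extra lines or metacharacters.
valid_entry() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case "$2" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $2
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_banned() {   # is_banned <section> <ip>
    # -x whole line, -F fixed string: dots in the address stay literal
    grep -qxF -- "$1 $2" "$DENY_FILE" 2>/dev/null
}

ban_ip() {      # ban_ip <section> <ip>
    valid_entry "$1" "$2" || return 2
    # Repeated bans of one address must not pile up duplicate lines
    is_banned "$1" "$2" || printf '%s %s\n' "$1" "$2" >> "$DENY_FILE"
}

unban_ip() {    # unban_ip <section> <ip>
    valid_entry "$1" "$2" || return 2
    [ -f "$DENY_FILE" ] || return 0
    tmp=$(mktemp) || return 1
    # Drop the matching line entirely instead of leaving it empty.
    # grep -v exits 1 when nothing is left, which is not an error here.
    grep -vxF -- "$1 $2" "$DENY_FILE" > "$tmp" || [ "$?" -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    # Write back in place so the file keeps its owner and mode
    cat "$tmp" > "$DENY_FILE"
    rm -f "$tmp"
}
```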