On Mon, Jan 16, 2006 at 07:59:58PM +0100, Marco Bertorello wrote:
> denyhosts can run on systems that haven't support for packet filtering,
> fail2ban can ? :)

actually it can do that since fail2ban can be configured to run ANY
command to "ban" an ip

you can add something like

fwban = "echo ssh <ip> >> /etc/deny.hosts"
fwunban = "perl -pi -e 's/^ssh <ip>$//g' /etc/deny.hosts"

or with recently changed general rule

fwban = "echo %(__name__) <ip> >> /etc/deny.hosts"
fwunban = "perl -pi -e 's/^%(__name__) <ip>$//g' /etc/deny.hosts"

just choose names of the sections appropriately :-) or add another
"interpolation" name into config file.

feel free to mod the lines up to your needs to make it truly functional

That is the advantage of fail2ban that it is not really doomed to use
iptables but prefers them since it is the best way (as author(s) think)
You are to choose an alternative way to ban if you want to do so

> BTW, why "keep it away from the archive" ?
> Users that can choose are happy users :)

I agree! also it forces authors and maintainers to add more features
which might be present in the other package. Also within time it will be
interesting which package will be of preference among the users :-))

-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]
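Added example, not part of the original message and not fail2ban's own code: shell helpers that a ban/unban command of the kind shown above could call, keeping the message's "service ip" line format. They validate the address before it reaches the file and remove the exact line instead of blanking it with a regex. DENY_FILE, valid_ipv4, ban_ip and unban_ip are hypothetical names, and the default path is a constructed one.

```shell
#!/bin/sh
# Hypothetical helpers for a file-based ban list ("SERVICE IP" per line).
DENY_FILE="${DENY_FILE:-./deny.hosts.example}"   # constructed path, not a system file

# Accept only dotted-quad IPv4 with octets 0-255, so nothing parsed out of a
# log line can carry whitespace, newlines or shell/regex metacharacters.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ban_ip SERVICE IP: append the entry once, so repeated bans do not pile up.
ban_ip() {
    valid_ipv4 "$2" || { echo "refusing invalid address: $2" >&2; return 2; }
    touch "$DENY_FILE"
    grep -Fxq -- "$1 $2" "$DENY_FILE" || printf '%s %s\n' "$1" "$2" >> "$DENY_FILE"
}

# unban_ip SERVICE IP: drop only the exact line. -F -x treats the dots as
# literal text and matches whole lines, so 10.0.0.1 never touches 10.0.0.10,
# and no empty line is left behind.
unban_ip() {
    valid_ipv4 "$2" || return 2
    [ -f "$DENY_FILE" ] || return 0
    tmp=$(mktemp) || return 1
    grep -Fxv -- "$1 $2" "$DENY_FILE" > "$tmp" || true   # exit 1 just means "nothing left"
    cat "$tmp" > "$DENY_FILE"      # rewrite in place to keep the file's owner and mode
    rm -f "$tmp"
}
```

With these sourced into a wrapper script, the ban command becomes a call such as `ban_ip ssh <ip>` and the unban command `unban_ip ssh <ip>`.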