Robin Kipp wrote at 2013-09-14 16:08 -0500:
> Any workaround for this, or is there a better alternative to Fail2ban?
It seems that fail2ban still does not support IPv6.

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470417>
<https://github.com/fail2ban/fail2ban/issues/39>

Perhaps it would work to implement the filtering via iptables or the
particular service configuration?

You can use the iptables `recent` module to e.g. allow only 8 ssh
attempts from a source IP in 5 minutes. In ferm syntax (from
<https://wiki.debian.org/ferm>):
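
    # Generate the same rule for IPv4 and IPv6.
    domain (ip ip6) table filter chain INPUT {
        protocol tcp dport ssh @subchain {
            # The recent module counts every packet that reaches this rule,
            # keyed by source address, in the list named SSH.
            mod recent name SSH {
                # Record the packet; NOP means no verdict is taken here.
                set NOP;
                # Matches once 8 hits were recorded within 300 seconds.
                update seconds 300 hitcount 8 @subchain {
                    LOG log-prefix "Blocked-ssh: " log-level warning;
                    DROP;
                }
            }
            ACCEPT;
        }
    }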
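To see how the `set` / `update seconds 300 hitcount 8` pair in the rule above behaves over time, here is a simplified Python model of one `recent` list. It is an added example, not part of the original message or of ferm/iptables; `RecentList`, `replay` and the sample traffic (documentation addresses) are hypothetical names and constructed data, and it assumes only new connection attempts reach the rule.

```python
from collections import defaultdict

WINDOW = 300    # "update seconds 300" from the rule above
HITCOUNT = 8    # "hitcount 8" from the rule above


class RecentList:
    """Simplified model of one recent list (here: name SSH)."""

    def __init__(self, seconds=WINDOW, hitcount=HITCOUNT):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(list)   # source address -> packet timestamps

    def packet(self, src, now):
        """Pass one packet through the subchain and return its verdict."""
        seen = self.stamps[src]
        # "set NOP": always record the packet, take no verdict.
        seen.append(now)
        # "update seconds 300 hitcount 8": only stamps inside the window count.
        recent = [t for t in seen if now - t <= self.seconds]
        if len(recent) >= self.hitcount:
            # The packet that brings the count to `hitcount` is itself dropped,
            # and a matching update records one more stamp, so a source that
            # keeps retrying keeps extending its own block.
            recent.append(now)
            self.stamps[src] = recent
            return "DROP"
        self.stamps[src] = recent
        return "ACCEPT"


def replay(events, **kw):
    """events: iterable of (time_in_seconds, source_address) -> verdict list."""
    fw = RecentList(**kw)
    return [fw.packet(src, t) for t, src in events]


# Constructed sample traffic (documentation addresses, not real hosts).
BURST = [(i * 10, "2001:db8::bad") for i in range(12)]    # one try every 10 s
QUIET_USER = [(i * 60, "192.0.2.10") for i in range(12)]  # one try per minute
RETRY_LATER = BURST + [(500, "2001:db8::bad")]            # back after 390 s idle

if __name__ == "__main__":
    for name, ev in (("burst", BURST), ("quiet", QUIET_USER),
                     ("later", RETRY_LATER)):
        print(name, replay(ev))
```

The real module keeps a bounded number of timestamps per address; the model keeps every stamp inside the window, which gives the same verdicts for this rule's hitcount.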