[Oisf-users] fail2ban integration

James Moe jimoe at sohnen-moe.com
Sat May 4 19:55:07 UTC 2019

On 04/05/2019 4.15 AM, Marios Spinthiras wrote:

> To overcome this hurdle and gain the IPS capability of blocking 
> offenders but still running in AF_PACKET, I implemented a fail2ban 
> integration.
  I have a roughly similar configuration for blocking bogus email attempts.
  The issue I've encountered is having f2b's block list first in
iptables before NFQUEUE. When suricata reloads or restarts, it becomes
first in iptables, making f2b useless. I must always reload/restart
suricata, then restart fail2ban.
  How have you handled this?

James Moe
moe dot james at sohnen-moe dot com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190504/966af809/attachment.sig>

More information about the Oisf-users mailing list