[Oisf-users] fail2ban integration
James Moe
jimoe at sohnen-moe.com
Sat May 4 19:55:07 UTC 2019
On 04/05/2019 4.15 AM, Marios Spinthiras wrote:
> To overcome this hurdle and gain the IPS capability of blocking
> offenders but still running in AF_PACKET, I implemented a fail2ban
> integration.
>
I have a roughly similar configuration for blocking bogus email attempts.
The issue I've encountered is having f2b's block list first in
iptables before NFQUEUE. When suricata reloads or restarts, it becomes
first in iptables, making f2b useless. I must always reload/restart
suricata, then restart fail2ban.
How have you handled this?
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190504/966af809/attachment.sig>
More information about the Oisf-users
mailing list