On Thu, 2008-05-22 at 09:42 -0700, Don Russell wrote:
> I installed fail2ban and it seems to do a nice job of reporting
> people knocking at my door and shutting them down temporarily.
>
> Is there any doc on how I could add other "intruder detection".... :-)
> man fail2ban and info fail2ban come up dry. :-(

You can do a similar sort of blocking with firewall rules that count the
number of <connection attempts> and only allow <so many>. That could be
10 HTTP connection attempts per hour, or any other port you care to work
on.

This isn't logging, or monitoring logs, it's the firewall counting
connection attempts, itself. A different approach than fail2ban.

You'd have to read the iptables documentation about doing this, though.
I don't have a ready-made answer, but I've seen people discuss this sort
of thing on this list. Perhaps if you repost with a subject line
reflecting something like "automatic firewall rules to ban too many
connection attempts" you might get their attention, if you don't get any
suitable responses on this thread.

--
(This box runs Centos 5.0, my others still run FC 4, 5, 6, & 7, in case
that's important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
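
The firewall-side counting described in the reply above, sketched as an added example that is not part of the original message or of any fail2ban or Fedora documentation. It assumes the iptables `recent` match is available; the function name `rate_limit_rules` and the `RATE_<port>` chain name are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore fragment
# that lets each source address open HITS new TCP connections to PORT per
# SECONDS window and drops further attempts while the address keeps trying.
#
# Apply as root (nothing is changed until you pipe the output):
#   rate_limit_rules 80 3600 10 | iptables-restore --noflush
#
# The `recent` match remembers a bounded number of timestamps per address
# (module parameter ip_pkt_list_tot, default 20), so a larger HITS cannot
# work; pass the real limit as the 4th argument if you raised it.
rate_limit_rules() {
    port=$1 seconds=$2 hits=$3 max_hits=${4:-20}

    # Refuse anything that is not a plain non-negative integer.
    for n in "$port" "$seconds" "$hits" "$max_hits"; do
        case $n in
            ''|*[!0-9]*) echo "rate_limit_rules: numeric arguments required" >&2
                         return 2 ;;
        esac
    done
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ "$seconds" -lt 1 ]; then
        echo "rate_limit_rules: port or window out of range" >&2
        return 2
    fi
    if [ "$hits" -lt 1 ] || [ "$hits" -gt "$max_hits" ]; then
        echo "rate_limit_rules: hits must be 1..$max_hits" >&2
        return 2
    fi

    chain="RATE_$port"   # hypothetical chain name, also used as the list name
    cat <<EOF
*filter
:$chain - [0:0]
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j $chain
-A $chain -m recent --name $chain --update --seconds $seconds --hitcount $hits -j DROP
-A $chain -m recent --name $chain --set -j RETURN
COMMIT
EOF
}
```

Because the drop rule uses `--update`, every blocked attempt is itself recorded, so a source that keeps hammering stays blocked until it has been quiet long enough; `--rcheck` in its place gives a plain sliding window. Allowed connections leave the chain with `RETURN`, so the rest of the INPUT chain still decides whether they are accepted.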