fail2ban: How to ban IP connect port 22

sieuvocmaytinh · 08-31-2012, 06:46 AM

I change ssh port to 10000. I don't use port 22 and i want to ban IP which connect to port 22.

I use fail2ban.

unSpawn · 08-31-2012, 06:56 AM

fail2ban bans hosts by reading logs. If the SSH daemon doesn't run on port TCP/22 then it won't generate any log entries for any logins on that port. Hence wanting to do so doesn't make any sense. Should you want to proceed anyway then I suggest you add a firewall logging rule for the port and make fail2ban recognize the log entry. Since the fail2ban source is freely available you shouldn't have any trouble creating the appropriate filter on your own because, with all due respect, I rather spend time on things that do make sense.

acid_kewpie · 08-31-2012, 06:57 AM

if you don't use port 22 you can't connect to it, so I would suggest you just ignore those requests. for fail2ban you'd just need to log those requests with iptables and then track that log with fail2ban, but there seems next to no realistic benefit in this.