Review your favorite Linux distribution.
Go Back > Blogs
User Name



Blocking lists of IP addresses using the iptables recent module or ipset and make fail2ban use it.

Posted 04-21-2013 at 08:25 AM by unSpawn
Updated 04-21-2013 at 09:34 AM by unSpawn (//Suggest saving the current rule set)

To combat the common misconception that filling Netfilters filter table INPUT chain is still a valid choice, to show ease of use and for future reference I'll outline how to mass block IP(v4) addresses and how to integrate this in fail2ban.

*This web log post will not explain the fine print on ipset and iptables' {ipt,xt}_recent ('iptables -m recent --help'), nor will it tell you how to install anything, help you configure fail2ban, go into SysV vs BSD init scripts or application...
Posted in Uncategorized
Views 3429 Comments 0 unSpawn is offline

Limiting and blocking connections dynamically.

Posted 10-31-2011 at 04:46 PM by sag47
Updated 01-29-2014 at 12:14 PM by sag47

Today I feel like talking about limiting connections which get made to a server. There are a few ways to do it; some cooler than others. I'd like to feature some open source software while I'm at it.

Today I happened upon this thread which hilariously got closed for good reason. Once you wade through all the crap you'll see some pretty cool posts which explain how to limit incoming connections within a certain time period and other suggestions. I'll point out the most useful related...
Senior Member
Posted in Uncategorized
Views 1023 Comments 0 sag47 is offline

Denyhosts vs Fail2ban aka tcp_wrappers vs iptables

Posted 07-22-2010 at 04:58 AM by unSpawn

At times denyhosts is being recommended over fail2ban. The common misconception being these applications are equal. They're not, OK in more than one way, but focusing on method of filtering denyhosts uses tcp_wrappers by default where Fail2ban uses iptables by default.

Using tcp_wrappers means a packet has to be delivered to that service. The serving application is responsible for reading /etc/hosts.{deny,allow} to determine itself if a connection is allowed or not. Requiring a network...
Posted in Uncategorized
Views 6196 Comments 1 unSpawn is offline


All times are GMT -5. The time now is 07:32 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration