On 9/3/2013 5:12 AM, Charles Marcus wrote:
>
> Ummm... maybe you didn't read what I wrote? That is what I meant
> by 'whitelist' in item 1... ;)
>

Yes, I think we're on the same page.

>
> On 2013-09-02 9:59 PM, ot...@ahhyes.net <ot...@ahhyes.net> wrote:
>> Is there anyway to limit the number of auth attempts allowed in a
>> single session? The reason for this is because I have "fail2ban"
>> setup to firewall out any IP addresses that repeatedly auth fails.
>
> Is there a way to tell fail2ban to block connection attempts NOT
> based on IP, but based on other values or value combinations (like
> user+IP)?
>

I'm not sure if fail2ban can trigger on a value combination, but it should be able to pull a username out of a log line and run some command on the username. Basically whatever you can do with a regexp and a single log line. Pull any value out of the log line and run a command or script with the value (usually an IP, but can be anything in that line).
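
The following is an added example, not part of the original message and not fail2ban's own code: a sketch of the "regexp on a single log line" idea, keyed on the user+IP combination asked about above. The log format, the sample lines, and the names `extract` and `offenders` are constructed assumptions; adapt the regexp to the real auth log.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed log format (not taken from the thread).
SAMPLE_LOG = """\
Sep  3 05:10:01 mail auth: login failed user=<alice> rip=203.0.113.7
Sep  3 05:10:03 mail auth: login failed user=<alice> rip=203.0.113.7
Sep  3 05:10:04 mail auth: login ok user=<bob> rip=198.51.100.20
Sep  3 05:10:05 mail auth: login failed user=<alice> rip=203.0.113.7
Sep  3 05:10:09 mail auth: login failed user=<carol> rip=203.0.113.7
Sep  3 05:10:11 mail auth: login failed user=<alice> rip=198.51.100.20
""".splitlines()

# One regexp, one line: capture both the username and the remote IP.
FAIL_RE = re.compile(
    r"login failed user=<(?P<user>[^>]*)> rip=(?P<ip>[0-9a-fA-F.:]+)"
)


def extract(line):
    """Return (user, ip) for a failed-auth line, or None for any other line."""
    m = FAIL_RE.search(line)
    return (m.group("user").lower(), m.group("ip")) if m else None


def offenders(lines, max_failures=3):
    """Return sorted (user, ip) pairs seen failing at least max_failures times."""
    counts = Counter(key for key in map(extract, lines) if key)
    return sorted(key for key, n in counts.items() if n >= max_failures)


if __name__ == "__main__":
    for user, ip in offenders(SAMPLE_LOG):
        # A real deployment would hand the pair to a blocking command or
        # script here; this sketch only reports what it would act on.
        print(f"would act on user={user} ip={ip}")
```

Counting per (user, IP) pair means a shared address is not penalised for one account's failures; the sketch models no time window, which a real rate limit needs.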