Re: [gentoo-user] fail2ban: You have to create an init script for each container ...

2015-01-17 Thread Rich Freeman
On Sat, Jan 17, 2015 at 7:56 AM, lee wrote:
> Rich Freeman writes:
>>
>> Depends on how you run it, but yes, you might have multiple instances
>> of fail2ban running this way consuming additional RAM. If you were
>> really clever with your container setup they could share the same
>> binary and

Re: [gentoo-user] fail2ban: You have to create an init script for each container ...

2015-01-17 Thread lee
Rich Freeman writes:
> On Thu, Jan 15, 2015 at 3:32 PM, lee wrote:
>> Rich Freeman writes:
>>
>>> 2. Run fail2ban in each container and have it monitor its own logs,
>>> and then add host iptables rules to block connections.
>>
>> Containers must not be able to change the firewalling rules of t

Re: [gentoo-user] fail2ban: You have to create an init script for each container ...

2015-01-15 Thread Rich Freeman
On Thu, Jan 15, 2015 at 3:32 PM, lee wrote:
> Rich Freeman writes:
>
>> 2. Run fail2ban in each container and have it monitor its own logs,
>> and then add host iptables rules to block connections.
>
> Containers must not be able to change the firewalling rules of the host.
> If they can do such

Re: [gentoo-user] fail2ban: You have to create an init script for each container ...

2015-01-15 Thread lee
Rich Freeman writes:
> On Sun, Jan 11, 2015 at 1:47 PM, lee wrote:
>>
>> Same here, so why does fail2ban get involved with containers?
>>
>
> Seems like there are three options here.
> 1. Run fail2ban on the host and have it look into the containers,
> monitor their logs, and add host iptables r

Re: [gentoo-user] fail2ban: You have to create an init script for each container ...

2015-01-11 Thread Rich Freeman
On Sun, Jan 11, 2015 at 1:47 PM, lee wrote:
>
> Same here, so why does fail2ban get involved with containers?
>

Seems like there are three options here.
1. Run fail2ban on the host and have it look into the containers, monitor their logs, and add host iptables rules to block connections.
2. Run f

Re: [gentoo-user] fail2ban: You have to create an init script for each container ...

2015-01-11 Thread lee
Rich Freeman writes:
> On Sun, Jan 11, 2015 at 10:48 AM, lee wrote:
>>>
>>> I don't want to run fail2ban in the container because the container must
>>> not mess with the firewall settings of the host. If a container can do
>>> that, then what's the point of having containers in the first place

Re: [gentoo-user] fail2ban: You have to create an init script for each container ...

2015-01-11 Thread Rich Freeman
On Sun, Jan 11, 2015 at 10:48 AM, lee wrote:
>>
>> I don't want to run fail2ban in the container because the container must
>> not mess with the firewall settings of the host. If a container can do
>> that, then what's the point of having containers in the first place?
>> I've never used the LXC

Re: [gentoo-user] fail2ban: You have to create an init script for each container ...

2015-01-11 Thread lee
see https://bugs.gentoo.org/show_bug.cgi?id=536320
lee writes:
> Hi,
>
> I'm trying to get fail2ban to work on the host and keep getting error
> messages like:
>
>
> ,
> | Jan 08 21:13:04 [/etc/init.d/fail2ban] You have to create an init script
> for each container:
> | Jan 08 21:13:04 [/

[gentoo-user] fail2ban: You have to create an init script for each container ...

2015-01-08 Thread lee
Hi,

I'm trying to get fail2ban to work on the host and keep getting error messages like:

,
| Jan 08 21:13:04 [/etc/init.d/fail2ban] You have to create an init script for each container:
| Jan 08 21:13:04 [/etc/init.d/fail2ban] ln -s lxc /etc/init.d/lxc.container
| Jan 08 21:13:05 [/etc/init