On Mon, Apr 20, 2015 at 02:57:36PM +, Peter Berghold wrote:
> I'm using the Puppet Labs firewall module and I noticed much to my
> chagrin that when the agent runs and applies rules it undoes all the
> work that fail2ban did.
I have the following:
firewallchain { 'INPUT:filter:IPv4':
pu
I'm using the Puppet Labs firewall module and I noticed much to my chagrin
that when the agent runs and applies rules it undoes all the work that
fail2ban did.
Since I'm also setting up shorewall this thread applies to that as well.
Has anybody gotten this module to play nice with fail2ban?
--
Have a look at pam_shield. It can protect any services that use PAM for
authentication (i.e. ssh, authenticated mail, but not web). It can use
either null-routing or iptables rules for blocking. If you set it to use
null-routing then it doesn't interfere with puppetlabs/firewall - we are
using
Hi,
Ah indeed, I misread the puppetlabs-denyhosts module. I had a look at the
DenyHosts project but that seems limited to SSH alone. My fail2ban has
rules that scan logs of our web servers, mail etc.
--
Daniele Sluijters
On Wednesday, 30 October 2013 01:39:56 UTC+1, Don Hoffman wrote:
>
> On
On reading your message, I think you are perhaps confusing the static Linux
/etc/hosts.deny mechanism with the DenyHosts project. See
http://denyhosts.sourceforg.net
Don
On Oct 29, 2013, at 5:32 PM, Donald Hoffman wrote:
> On Oct 29, 2013, at 12:00 PM, Daniele Sluijters
> wrote:
>
>> Hi,
On Oct 29, 2013, at 12:00 PM, Daniele Sluijters
wrote:
> Hi,
>
> DenyHosts is not an option for me since I can't predict which hosts will be
> connecting from the outside. Fail2ban solves that issue by looking for odd
> behaviour instead of asking me to whitelist.
>
> Thanks for the suggesti
Hi,
DenyHosts is not an option for me since I can't predict which hosts will be
connecting from the outside. Fail2ban solves that issue by looking for odd
behaviour instead of asking me to whitelist.
Thanks for the suggestion though,
--
Daniele Sluijters
On Tuesday, 29 October 2013 18:22:04
On Oct 29, 2013, at 8:41 AM, Daniele Sluijters
wrote:
> Hello,
>
> A while back I wanted to switch our home-brewed iptables module to the
> puppetlabs/firewall module but I couldn't figure out
> how to tell puppetlabs/firewall to leave the fail2ban chains alone.
>
> I was curious if someone
Hello,
A while back I wanted to switch our home-brewed iptables module to the
puppetlabs/firewall module but I couldn't figure out
how to tell puppetlabs/firewall to leave the fail2ban chains alone.
I was curious if someone had solved the issue and had some examples I can
work from?
--
Daniel