Comments on: Protegiendo el correo con Fail2Ban http://aleph.llull.net/2008/10/21/protegiendo-el-correo-con-fail2ban/ Wed, 08 Sep 2010 18:02:19 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Eduard http://aleph.llull.net/2008/10/21/protegiendo-el-correo-con-fail2ban/comment-page-1/#comment-10666 Eduard Thu, 23 Oct 2008 21:42:20 +0000 http://aleph.llull.net/?p=353#comment-10666 OK, gràcies per confirmar-ho. OK, gràcies per confirmar-ho.

]]> By: Kiko http://aleph.llull.net/2008/10/21/protegiendo-el-correo-con-fail2ban/comment-page-1/#comment-10663 Kiko Wed, 22 Oct 2008 08:05:33 +0000 http://aleph.llull.net/?p=353#comment-10663 La versió de Debian sid (Fail2Ban v0.8.3) Si que suporta el multiport: A /etc/fail2ban/jail.conf hi vé: <blockquote> [couriersmtp] enabled = false port = smtp,ssmtp filter = couriersmtp logpath = /var/log/mail.log [courierauth] enabled = false port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s filter = courierlogin logpath = /var/log/mail.log </blockquote> I les regles d’iptables que genera tenen aquesta pinta: <blockquote> # iptables -vnL Chain INPUT (policy ACCEPT 7721K packets, 1659M bytes) pkts bytes target prot opt in out source destination 101K 30M fail2ban-courierauth tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995 31356 2432K fail2ban-apache tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 101K 30M fail2ban-sasl tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995 51913 26M fail2ban-postfix tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465 205K 17M fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 31356 2432K fail2ban-apache-overflows tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 31356 2432K fail2ban-apache-noscript tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 </blockquote> La versió de Debian sid (Fail2Ban v0.8.3) Si que suporta el multiport:

A /etc/fail2ban/jail.conf hi vé:

[couriersmtp]

enabled = false
port = smtp,ssmtp
filter = couriersmtp
logpath = /var/log/mail.log

[courierauth]

enabled = false
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = courierlogin
logpath = /var/log/mail.log

I les regles d’iptables que genera tenen aquesta pinta:

# iptables -vnL
Chain INPUT (policy ACCEPT 7721K packets, 1659M bytes)
pkts bytes target prot opt in out source destination
101K 30M fail2ban-courierauth tcp — * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995
31356 2432K fail2ban-apache tcp — * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
101K 30M fail2ban-sasl tcp — * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995
51913 26M fail2ban-postfix tcp — * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465
205K 17M fail2ban-ssh tcp — * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
31356 2432K fail2ban-apache-overflows tcp — * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
31356 2432K fail2ban-apache-noscript tcp — * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443

]]>