[asterisk-users] asterisk and fail2ban
Mark Deneen
mdeneen at gmail.com
Wed Mar 30 17:03:50 CDT 2011
Look into the ipt_recent / xt_recent module. It's probably what he is using.
On Wed, Mar 30, 2011 at 4:25 PM, vip killa <vipkilla at gmail.com> wrote:
> could you please elaborate on how you have iptables setup to work that way?
>
> On Wed, Mar 30, 2011 at 4:11 PM, Gordon Henderson
> <gordon+asterisk at drogon.net> wrote:
>>
>> On Wed, 30 Mar 2011, Terry Brummell wrote:
>>
>>> I think you will find Fail2Ban the defacto standard.
>>
>> I don't use fai2ban. Never have, never will because I simply don't need
>> it.
>>
>> Standard iptables are good enough if you can be bothered to use them to
>> their full abilities. No need for anything else as iptables can do
>> connection tracking and blocking against time - just like fail2ban does.
>> More than X connections a second/minute/hour from a given IP address? Yes,
>> iptables can detect and block that. Works for all protocolls too - SIP, IAX,
>> POP, SSH, etc.
>>
>> Gordon
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>> http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list