[asterisk-users] asterisk and fail2ban
Danny Nicholas
danny at debsinc.com
Wed Mar 30 15:36:10 CDT 2011
I don't use F2B either, but from what I understand, it is a packaged
iptables automation. If you are a unix/linux guru or have a small amount of
traffic, I can see where manual iptables maintenance would be fine; F2B
would be for the "less-informed" or more heavily attacked amongst us.
_____
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Terry Brummell
Sent: Wednesday, March 30, 2011 3:33 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk and fail2ban
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of vip killa
Sent: Wednesday, March 30, 2011 4:25 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk and fail2ban
could you please elaborate on how you have iptables setup to work that way?
On Wed, Mar 30, 2011 at 4:11 PM, Gordon Henderson
<gordon+asterisk at drogon.net <mailto:gordon%2Basterisk at drogon.net> > wrote:
On Wed, 30 Mar 2011, Terry Brummell wrote:
I think you will find Fail2Ban the defacto standard.
I don't use fai2ban. Never have, never will because I simply don't need it.
Standard iptables are good enough if you can be bothered to use them to
their full abilities. No need for anything else as iptables can do
connection tracking and blocking against time - just like fail2ban does.
More than X connections a second/minute/hour from a given IP address? Yes,
iptables can detect and block that. Works for all protocolls too - SIP, IAX,
POP, SSH, etc.
Gordon
--
Yah, sounds simple, how do you set it up to do this? Fail2Ban was pretty
easy, if it's that easy, why was F2B even created?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110330/6f49f26d/attachment.htm>
More information about the asterisk-users
mailing list