More fail2ban questions
David Bandel
david.bandel
Thu Aug 3 04:52:49 PDT 2006
On 8/2/06, Chong Yu Meng <chongym at cymulacrum.net> wrote:
> This is (probably) for David, but I think the rest of us may benefit
> from his edifying answers, so I am posting my question here.
>
> In the fail2ban configuration file, there is a ignoreip setting. I'm not
> sure I understand what should be listed there. Should I list the IP
> addresses that fail2ban should not check (i.e. authentication errors for
> that IP will be ignored, and the IP will never be banned) or should I
> list all the IPs I am blacklisting?
ignoreip should be IPs you don't want banned. My management addresses
are all listed there.
>
> The reason I ask is that there is an IP originating in India that was
> spoofing an unused IP address on the same subnet as my server, and
> trying to login. I'd rather that fail2ban checks every IP address
> including those on the same subnet. Does that mean that I should leave
> the setting blank?
yep. But unless he's source routing (which you shouldn't allow), his
attempts are for naught.
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto
More information about the Linux-users
mailing list