Difference between revisions of "Fail2ban:Community Portal"
From Fail2ban
Docunext.com (talk | contribs) m |
Lostcontrol (talk | contribs) |
||
Line 1: | Line 1: | ||
− | |||
− | |||
== User Suggestions == | == User Suggestions == | ||
Line 18: | Line 16: | ||
[http://www.docunext.com/resources/blog/?p=90 Docunext: fail2ban iptable.conf action] | [http://www.docunext.com/resources/blog/?p=90 Docunext: fail2ban iptable.conf action] | ||
+ | |||
+ | ---- | ||
+ | Thank you. Added in the repository. --[[User:Lostcontrol|Lostcontrol]] 13:21, 14 December 2006 (PST) |
Revision as of 23:21, 14 December 2006
User Suggestions
Fail2ban is one of the best projects I've encountered - I love it! One suggestion: in 0.7+, the iptables.conf action uses pre-ban command:
iptables -L....
Is there a reason for this? Maybe IP spoofing? At any rate, this can cause fail2ban to take forever in implementing its actions if the iptables chains are big, because it causes DNS lookups for each entry. I suggest adding the "n" flag to the command, to speed things up, like this:
iptables -nL....
See:
netfilter FAQ: iptables -L takes a very long time to display the rules
and
Docunext: fail2ban iptable.conf action
Thank you. Added in the repository. --Lostcontrol 13:21, 14 December 2006 (PST)