From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-server+bounces-3373-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1MZn5b-0001zs-Tj
	for garchives@archives.gentoo.org; Sat, 08 Aug 2009 14:40:08 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 35937E054F;
	Sat,  8 Aug 2009 14:40:06 +0000 (UTC)
Received: from xena.bway.net (xena.bway.net [216.220.96.26])
	by pigeon.gentoo.org (Postfix) with ESMTP id 175EAE054F
	for <gentoo-server@lists.gentoo.org>; Sat,  8 Aug 2009 14:40:06 +0000 (UTC)
Received: (qmail 33517 invoked by uid 0); 8 Aug 2009 14:40:05 -0000
Received: from unknown (HELO www.bway.net) (216.220.96.11)
  by smtp.bway.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Aug 2009 14:40:05 -0000
Date: Sat, 8 Aug 2009 10:40:05 -0400 (EDT)
From: Ajai Khattri <ajai@bway.net>
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] iptables && fail2ban
In-Reply-To: <4A7759BD.1040903@gmail.com>
Message-ID: <20090808103842.B96988@shell.bway.net>
References: <10114659.21222086363221.JavaMail.gibbonsr@twix.insanity5902.no-ip.org>
  <4A7559A4.4090400@gmail.com>  <279fbba40908010253p11603234x627e90407f0eacf9@mail.gmail.com>
  <4A757751.5000000@gmail.com> <1249149991.4396.2.camel@laptop.homershut.net>
 <4A7759BD.1040903@gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-server@lists.gentoo.org>
List-Help: <mailto:gentoo-server+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-server+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-server+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-server.gentoo.org>
X-BeenThere: gentoo-server@lists.gentoo.org
Reply-to: gentoo-server@lists.gentoo.org
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Archives-Salt: bc056bfd-135c-434e-8e26-2b7a70ad34cb
X-Archives-Hash: 5028785dabbc2ff9ed967688c3af4c95

On Mon, 3 Aug 2009, mrfroasty wrote:

> I have already played with it and concluded that fail2ban missed it...in
> my previous mail its mentioned that
>
> #fail2ban-regex /var/log/auth.log
> /etc/fail2ban/filter.d/proftpd.conf|grep 124.205.130.15
>
> Nothing in the output, that means it has just missed to ban this guy.

Personally, Im nervous about any tool that modifies my carefully 
configured firewall, so I use denyhost instead.



-- 
A