{"id":5,"date":"2015-02-13T15:28:05","date_gmt":"2015-02-13T15:28:05","guid":{"rendered":"http:\/\/www.mbcs.ca\/?p=5"},"modified":"2015-02-13T15:28:05","modified_gmt":"2015-02-13T15:28:05","slug":"fail2ban-shorewall-and-recidive-jail","status":"publish","type":"post","link":"https:\/\/www.mbcs.ca\/?p=5","title":{"rendered":"Fail2Ban, Shorewall and Recidive Jail"},"content":{"rendered":"<p>I have been using <a href=\"http:\/\/www.fail2ban.org\">Fail2Ban<\/a> with <a href=\"http:\/\/www.shorewall.net\">Shorewall<\/a> to block brute force attempts against open ports.\u00a0 I noticed that during a recent attack, the attackers were being repeatedly banned, so I decided to turn on the Recidive Jail.\u00a0 Unfortunately, it doesn&#8217;t work with the shorewall action &#8211; in a nut shell, the short term jail that finally triggers the recidive jail releases the IP even though the recidive jail believes it is still banned.\u00a0 I got around the problem by adding a new action &#8216;shorewall-recid&#8217; and creating a few short scripts.\u00a0 Essentially, if the recidive jail is triggered, the scripts make sure the ip is unbanned from all other jails before it is banned with the recidive one.\u00a0 If you are interested in the scripts, just let me know.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have been using Fail2Ban with Shorewall to block brute force attempts against open ports.\u00a0 I noticed that during a recent attack, the attackers were being repeatedly banned, so I decided to turn on the Recidive Jail.\u00a0 Unfortunately, it doesn&#8217;t work with the shorewall action &#8211; in a nut shell, the short term jail that &hellip; <a href=\"https:\/\/www.mbcs.ca\/?p=5\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Fail2Ban, Shorewall and Recidive Jail<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5","post","type-post","status-publish","format-standard","hentry","category-firewallingsecurity"],"_links":{"self":[{"href":"https:\/\/www.mbcs.ca\/index.php?rest_route=\/wp\/v2\/posts\/5","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mbcs.ca\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mbcs.ca\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mbcs.ca\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mbcs.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5"}],"version-history":[{"count":1,"href":"https:\/\/www.mbcs.ca\/index.php?rest_route=\/wp\/v2\/posts\/5\/revisions"}],"predecessor-version":[{"id":6,"href":"https:\/\/www.mbcs.ca\/index.php?rest_route=\/wp\/v2\/posts\/5\/revisions\/6"}],"wp:attachment":[{"href":"https:\/\/www.mbcs.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mbcs.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mbcs.ca\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}