MyVestaCP - fail2Ban and iptables

pkr Member

I have a few questions related to Fail2Ban and IPtables:

  1. In MyVestaCP, why is the uptime for iptables always 0? VestaCP and Hestia have the same issue. All 3 show uptime = 0 minutes for iptables.
  2. In jail.conf, enabled = false. So, it means all jails are disabled by default. True?
  3. jail.local has the following. It means only these jails are active. True?
  4. If I want to enable jail for apache or nginx, I will add them to the jail.local file. True?

[ssh-iptables]
enabled = true
filter = sshd
action = vesta[name=SSH]
logpath = /var/log/auth.log
maxretry = 5

[vsftpd-iptables]
enabled = false
filter = vsftpd
action = vesta[name=FTP]
logpath = /var/log/vsftpd.log
maxretry = 5

[exim-iptables]
enabled = true
filter = exim
action = vesta[name=MAIL]
logpath = /var/log/exim4/mainlog

[dovecot-iptables]
enabled = true
filter = dovecot
action = vesta[name=MAIL]
logpath = /var/log/dovecot.log

[mysqld-iptables]
enabled = false
filter = mysqld-auth
action = vesta[name=DB]
logpath = /var/log/mysql.log
maxretry = 5

[vesta-iptables]
enabled = true
filter = vesta
action = vesta[name=VESTA]
logpath = /var/log/vesta/auth.log
maxretry = 5

Comments

  • Lupu Member
    edited June 2020
    1. Iptables isn't a real userspace daemon, so it doesn't have a conventional uptime or memory usage like nginx, fail2ban or exim4; it is present there as a convenient way for starting/stopping/reloading firewall rules.
    2. Yes, all jails defined in jail.conf are disabled, but not the ones defined in /etc/fail2ban/jail.local; you should enable individual jails there.
    3. yes
    4. yes (or in jail.d/apache.conf)
    Thanked by 1Falzo
  • pkr Member

    @Lupu said:
    1. Iptables isn't a real userspace daemon, so it doesn't have a conventional uptime or memory usage like nginx, fail2ban or exim4; it is present there as a convenient way for starting/stopping/reloading firewall rules.
    2. Yes, all jails defined in jail.conf are disabled, but not the ones defined in /etc/fail2ban/jail.local; you should enable individual jails there.
    3. yes
    4. yes (or in jail.d/apache.conf)

    Thank you so much.

  • dpeca Member

    @pkr said: In MyVestaCP, why is the uptime for iptables always 0?

    As @Lupu already said, it's because it's not a service... it's actually iptables rules
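
The override behaviour discussed in answers 2 to 4, as an added example that is not part of the original thread: it models with Python's configparser how fail2ban layers its jail files (jail.conf, then jail.d/*.conf, then jail.local, then jail.d/*.local, later files winning). The jail.conf and jail.d/apache.conf contents are constructed samples, the jail.local excerpt is copied from the question, and fail2ban's own reader is not used here.

```python
import configparser

# Constructed stand-in for the stock jail.conf: [DEFAULT] disables every jail.
JAIL_CONF = """
[DEFAULT]
enabled = false
maxretry = 5

[sshd]
logpath = /var/log/auth.log

[apache-auth]
logpath = /var/log/apache2/error.log
"""

# Constructed jail.d/apache.conf drop-in, the alternative named in the thread.
JAIL_D_APACHE = """
[apache-auth]
enabled = true
"""

# Two jails copied from the jail.local quoted in the question.
JAIL_LOCAL = """
[ssh-iptables]
enabled = true
filter = sshd
action = vesta[name=SSH]
logpath = /var/log/auth.log

[vsftpd-iptables]
enabled = false
filter = vsftpd
action = vesta[name=FTP]
logpath = /var/log/vsftpd.log
"""

def effective_jails(*sources):
    """Merge config texts in load order (later wins); return {jail: enabled}."""
    cp = configparser.ConfigParser(interpolation=None)
    for text in sources:
        cp.read_string(text)  # same-named sections merge across sources
    # sections() omits [DEFAULT]; its values are inherited by every jail.
    return {name: cp.getboolean(name, "enabled", fallback=False)
            for name in cp.sections() if name != "INCLUDES"}

def active_jails(*sources):
    """Names of the jails that end up enabled after merging."""
    return sorted(j for j, on in effective_jails(*sources).items() if on)

if __name__ == "__main__":
    print(active_jails(JAIL_CONF, JAIL_D_APACHE, JAIL_LOCAL))
```

Note that the stock `[sshd]` jail stays disabled: `ssh-iptables` is a separate jail that only reuses the `sshd` filter. On a live system, `fail2ban-client status` lists the jails that are actually running.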