LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page fail2ban-regex not filtering, banning IP addresses
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-13-2016, 01:38 PM   #1
dthims
Member
 
Registered: Mar 2003
Posts: 50

Rep: Reputation: 1
fail2ban-regex not filtering, banning IP addresses

getting a lot of these in my logs but fail2ban is not banning them. ip's are random
connect from unknown[1XX.22X.1XX.2XX]
disconnect from unknown[1XX.22X.1XX.2XX]

this is the filter i'm running it against but its not working. got the idea from this link - http://www.iredmail.org/forum/topic8...s-attacks.html

failregex = disconnect from unknown (.*)\[<HOST>\]
failregex = connect from unknown (.*)\[<HOST>\]

tia
 
Old 02-13-2016, 02:53 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Show me the exact command please, including log and the filter used in it.
 
Old 02-13-2016, 04:49 PM   #3
dthims
Member
 
Registered: Mar 2003
Posts: 50

Original Poster
Rep: Reputation: 1
fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/unknown.conf

Running tests
=============

Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
| [3495] MONTH Day Hour:Minute:Second
`-

Lines: 3495 lines, 0 ignored, 0 matched, 3495 missed
Missed line(s): too many to print. Use --print-all-missed to print all 3495 lines
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Fail2ban is banning, but I need a redirect. rmpms Linux - Security 10 08-01-2015 12:45 AM
fail2ban & Apache: no banning peng12 Linux - Software 3 01-13-2015 12:09 PM
fail2ban inconsistent in banning hackers compused Linux - Security 3 05-30-2014 01:56 PM
Fail2ban noscript jail is banning googlebot...should I make an exception? sneakyimp Linux - Security 4 12-08-2012 01:01 PM
[SOLVED] fail2ban - not banning apache scanners djsmiley2k Linux - Server 1 08-26-2010 04:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:24 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration