[BlueOnyx:09418] Re: More pam_abl questions....

Chad Bersche chad at bersche.com
Tue Jan 17 20:32:01 -05 2012 

So has anyone had success in using both, or are they really redundant?  
I saw the posting on this list some time back where was stated that 
adding fail2ban might muck up other firewall rules 
(http://mail.blueonyx.it/pipermail/blueonyx/2011-March/006618.html).  
I'm guessing that this is only a "might happen" scenario and that others 
have successfully added fail2ban to the build without issue?

I think there's lots of potential in pam_abl, as I like how it just 
plugs in so easily in the default build.  I'd just like it much more if 
the option to actually STOP traffic coming to my system were part of the 
solution.  I think it's crazy security to simply deny authorization, 
rather than slowing/blocking traffic entirely.  I personally don't care 
if they know I'm on to them, and having a system that was responding and 
then stops makes the eager move on.  If it keeps letting you try and try 
and try, then you end up sucking up bandwidth, cause a potential DOS 
cycling thru ports, etc.  Becoming deaf for a period of time tends to 
stop all that stuff in its tracks.

I guess I shall explore the options to add on since I can't easily 
implement what I'd really like to do with the version of pam_abl that's 
there.

Additional recommendations or comments welcome!

Thanks!

   -- Chad


On 1/17/2012 8:41 AM, Jeff Folk wrote:
> On Jan 17, 2012, at 5:21 AM, Greg Kuhnert wrote:
>> Hi Chad.
>>
>> On 1/17/2012 4:37 PM, Chad Bersche wrote:
>>> So, I've come to the conclusion that pam_abl on its own won't do what I
>>> want for blocking.  Seems that I need to enlist the help of iptables to
>>> really drop connection attempts that I don't want hitting my box.
>> DFIX is a free package that might help you. Amongst many of its
>> functions, it looks at pamabl blocks and transfers the blocks to
>> iptables. See the link below for more details.
>>
>> http://www.compassnetworks.com.au/shop/free-bundle-p-78.html
>>
>> Regards,
>> Greg.
> And Fail2ban is a good addition, too...
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list