I started to work on fail2ban as a module for NethServer. For the moment it is just notes and research work, but I'm facing some issues and some technical choices.
a) Fail2ban email
Fail2ban sends emails (can be enabled or not) but root cannot be a user credential in roundcube/sogo and the 'admin' user has no password set by default...
Who will receive the fail2ban email by default?
In the end, the destination user will be chosen by a db command.
b) Firewall choice
Fail2ban can work with one of two firewalls: shorewall, which is available by default only for NS6.7, and iptables. I tested both and they are workable, except for one issue that I will detail below.
Of course shorewall is available by default only for NS6.7, so what about the dude who doesn't want to upgrade his system? I cannot force an upgrade on him.
As the firewall side is really not my field of competency, please shout if I say something wrong.
c) Block the attackers
Shorewall doesn't give you the choice (at least by default in fail2ban): the attacker is blocked on all ports. Shorewall closes all ports once the number of attempts is exceeded (see /etc/fail2ban/action.d/shorewall.conf).
It is workable, but if someone plays with your server behind a gateway, the gateway will be blocked.
Am I wrong?
Iptables has more settings:
iptables (block one port), iptables-multiport (block several ports), iptables-allports (block all ports)
All are workable, but my issue is that every setting does the same thing and the firewall closes all ports for the attacker. The jail tested for now is ssh.
# iptables -L |grep -i web
REJECT all -- web.lan anywhere reject-with icmp-port-unreachable
@Nas @zamboni can you share with us the blocked lines in your firewall, please?
fail2ban-client status sshd
and search by the IP or the dns name or by
iptables -L |grep 'reject-with icmp-port-unreachable'
If you have hints, please share them.
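
Added example, not part of the original post or of fail2ban: with fail2ban's iptables actions the ban rule sits in a per-jail chain and carries no port match, so `iptables -L | grep` shows it as `all`; any port restriction is on the INPUT rule that jumps into that chain. This sketch resolves the effective scope for a banned address from `iptables -S` output; the chain name `f2b-sshd`, the address and the sample rules are constructed assumptions.

```python
import shlex

# Constructed `iptables -S` output, not taken from the post. The chain name
# f2b-sshd and the address 192.0.2.10 are assumptions for illustration.
SAMPLE = """\
-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
"""

def parse_rules(text):
    """Return (chain, options) for every appended rule in `iptables -S` output."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opts, i = {}, 2
        while i < len(tok):
            has_value = i + 1 < len(tok) and not tok[i + 1].startswith("-")
            opts[tok[i]] = tok[i + 1] if has_value else ""
            i += 2 if has_value else 1
        rules.append((tok[1], opts))
    return rules

def scope(opts):
    """Protocol and destination ports a single rule matches on."""
    return opts.get("-p", "all"), opts.get("--dports") or opts.get("--dport") or "all"

def effective_scope(text, ip):
    """List (chain, proto, ports) actually blocked for ip."""
    rules = parse_rules(text)
    found = []
    for chain, opts in rules:
        banned = opts.get("-j") in ("REJECT", "DROP")
        if not (banned and opts.get("-s", "").split("/")[0] == ip):
            continue
        own = scope(opts)
        # The port match, if any, is on the rule that jumps into this chain;
        # a rule placed directly in a built-in chain has no caller.
        callers = [scope(o) for _, o in rules if o.get("-j") == chain] or [("all", "all")]
        for via in callers:
            proto, ports = (a if a != "all" else b for a, b in zip(own, via))
            found.append((chain, proto, ports))
    return found
```

On a live system, feed it the output of `iptables -S` instead of the sample; a result of `('f2b-sshd', 'tcp', '22')` means only port 22 is blocked for that address even though the chain listing says `all`.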