fail2ban port changed


fail2ban will detect login attemps with log content. fail2ban don't use ports for detection, only to block.To block the right port, you have to tell fail2ban which one in order to correctly setup iptable.Into /etc/fail2ban/jail.local:

[ssh] enabled = true port = ssh <-- just modify this with your port port = 1234

Another method is to block everything from the offending hosts. So iptable will drop every paquets from them, not only ssh ones.At the beginning of /etc/fail2ban/jail.local:

banaction = iptables-multiport <-- regular blocking (one or several ports) banaction = iptables-allports <-- block everything

With iptables-allports you don't have to bother about ports. Just leave the default ones.

2017-06-05 11:58:52gstlouis