Contribs.org

Please login or register.

Login with username, password and session length

News:

Remember SME Server is currently free to download and use. But it is not free to build. You can help by making a donation of time OR money from the links below.

Pages: [1]   Go Down

Author Topic: geoip & fail2ban  (Read 395 times)

ElFroggio

  • Wiki & Docs Team
  • *
  • Offline Offline
  • Posts: 262
geoip & fail2ban
« on: June 02, 2017, 03:57:52 AM »

SME 9.2

Is it possible to tie geoip with iptables/fail2ban. I have seen:

https://forums.contribs.org/index.php/topic,50465.msg253952.html#msg253952

1. It's in French and my French is very rusty. (I can speak but not technical)
2. I don't understand the "-m geoip --src-cc " where does it come from?

I've been under attack from china, korea and vietnam. It has slowed down, but I'd like to deal with it.

Any suggestion?

Thanks

Syv
Logged

Jean-Philippe Pialasse

  • Site Administrator
  • *
  • Offline Offline
  • Posts: 803
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: geoip & fail2ban
« Reply #1 on: June 02, 2017, 06:14:36 AM »

I have started looking at geoip blocking with fail2ban, unfortunately the kernel and the way iptable is compiled under centos /red hat and so SME9 does not allow this

an alternative would have been to work also with /etc/hosts.deny (https://www.axllent.org/docs/view/ssh-geoip/) but again an internal command (aclexec) to allow this is not available with red hat.


a last solution would be to use xtables-addons and its kmod... I start looking at it and I stuck trying to compile it again SME9 for the moment.
so if you have the time and energy to work on compiling this, yes you could get geoip ban at iptables level....
Logged

ElFroggio

  • Wiki & Docs Team
  • *
  • Offline Offline
  • Posts: 262
Re: geoip & fail2ban
« Reply #2 on: June 05, 2017, 03:48:59 AM »

so if you have the time and energy to work on compiling this, yes you could get geoip ban at iptables level....

I'm sorry, but I'm afraid that it's beyond my skills level

Thanks/Merci

Syv
Logged

mab974

  • Not too shy to talk
  • *
  • Offline Offline
  • Posts: 25
Re: geoip & fail2ban
« Reply #3 on: September 12, 2017, 07:48:02 PM »

I have compiled xtables-addons for testing here
https://repos.misouk.com/Sme_Server/6/x86_64/xtables-addons-1.47.1-1.el6.x86_64.rpm.
yum install must have "enablerepo=epel"  option for dependencies.

Some explanations for setup here
https://www.howtoforge.com/xtables-addons-on-centos-6-and-iptables-geoip-filtering

i am working on a contrib now. Any suggestion would be appreciate.
Logged

ReetP

  • Wiki & Docs Team
  • *
  • Online Online
  • Posts: 937
Re: geoip & fail2ban
« Reply #4 on: September 13, 2017, 03:42:57 PM »

i am working on a contrib now. Any suggestion would be appreciate.

It depends where you are stuck :-)

Let us know and we can try and help.

B. Rgds
John
Logged
...
Bugs are easier than you think :
http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in
http://wiki.contribs.org/Koozali_Foundation

Jean-Philippe Pialasse

  • Site Administrator
  • *
  • Offline Offline
  • Posts: 803
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: geoip & fail2ban
« Reply #5 on: September 14, 2017, 12:14:22 AM »

mab974,

thank you for the good work!

Suggestion for a contribs, you could first work on templates and db entry for most useful settings
in second time you could work on a panel to help to change those settings.


I see you have a few contribs there : https://repos.misouk.com/Sme_Server/6/SRPMS

would you like to have access to our buildsystem to import them ?
As a start I see you were able to update geneweb that I was not able to do in a reasonable time before giving up.
Having them in the buildsys would help other to get access to this great work and also help others to help you. Including translation of panels or fixing a small issue.
Logged

mab974

  • Not too shy to talk
  • *
  • Offline Offline
  • Posts: 25
Re: geoip & fail2ban
« Reply #6 on: September 14, 2017, 06:15:58 PM »

Hi,
It's a particuliar contrib wich depends on kernel version.
new kernel --> new packet
https://repos.misouk.com/Sme_Server/6/x86_64/xtables-addons-1.47.1-2.el6.x86_64.rpm

Suggestion for a contribs, you could first work on templates and db entry for most useful settings
in second time you could work on a panel to help to change those settings.
i am working on templates and db entry for xt_geoip, for the other addons i don't know if there's NFR for them.
For the second point, i thought panel use was no more considered as a good solution for the future.

I see you have a few contribs there : https://repos.misouk.com/Sme_Server/6/SRPMS

would you like to have access to our buildsystem to import them ?
why not ? for some of them which may be interesting. But for sure i need some help for the beginning, in a better place than here too.
Logged

Stefano

  • Site Administrator
  • *
  • Offline Offline
  • Posts: 10,497
  • Skype account: maghissimo
    • Smeserver italian community
Re: geoip & fail2ban
« Reply #7 on: September 14, 2017, 06:27:40 PM »

can't access your repo, err NET::ERR_CERT_REVOKED
Logged
Consulente di Smeserver.it -  Soluzioni e supporto su Sme server in Italia

ReetP

  • Wiki & Docs Team
  • *
  • Online Online
  • Posts: 937
Re: geoip & fail2ban
« Reply #8 on: September 14, 2017, 07:36:09 PM »

can't access your repo, err NET::ERR_CERT_REVOKED

Can get it on my phone from here ?
Logged
...
Bugs are easier than you think :
http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in
http://wiki.contribs.org/Koozali_Foundation

Stefano

  • Site Administrator
  • *
  • Offline Offline
  • Posts: 10,497
  • Skype account: maghissimo
    • Smeserver italian community
Re: geoip & fail2ban
« Reply #9 on: September 14, 2017, 07:48:32 PM »

chrome 61 on linux mint says that the certificate was revoked..

no problem using firefox.....
Logged
Consulente di Smeserver.it -  Soluzioni e supporto su Sme server in Italia

mab974

  • Not too shy to talk
  • *
  • Offline Offline
  • Posts: 25
Re: geoip & fail2ban
« Reply #10 on: September 14, 2017, 08:01:00 PM »

Problem with chrome
Quote
Chrome 61 distrusts ALL certificates signed by StartSSL and WoSign

from https://webmasters.stackexchange.com/questions/103405/startssl-certificate-gives-sec-error-revoked-certificate-in-firefox-and-err-cert

mine is an old one but  evil.... evil....  :-)
Logged

Jean-Philippe Pialasse

  • Site Administrator
  • *
  • Offline Offline
  • Posts: 803
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: geoip & fail2ban
« Reply #11 on: September 14, 2017, 08:50:49 PM »

Hi,
It's a particuliar contrib wich depends on kernel version.
new kernel --> new packet
https://repos.misouk.com/Sme_Server/6/x86_64/xtables-addons-1.47.1-2.el6.x86_64.rpm
ideally it would be to compile the rpm in two : one main and one kmod with soft dependency, so you only need to recompile it on major change of the kernel.

i am working on templates and db entry for xt_geoip, for the other addons i don't know if there's NFR for them.

great

For the second point, i thought panel use was no more considered as a good solution for the future.

no their still are needed, just that for SME10 we aim to make the manager better.

why not ? for some of them which may be interesting. But for sure i need some help for the beginning, in a better place than here too.

some exchange can be made on IRC, hangouts or another IM.
Logged
Pages: [1]   Go Up
 

Page created in 0.053 seconds with 26 queries.