On Fri, Dec 14, 2012 at 9:07 PM, Andy Smith <andy@???> wrote:
> Hi Chris,
>
> On Thu, Dec 13, 2012 at 05:25:26PM +0000, Chris Dennis wrote:
>> But I've discovered that fail2ban doesn't know about IPv6 (yet),
>> which seems to leave a fairly big hole in the security.
>
> Someone has forked Fail2Ban to add IPv6 support:
>
> https://github.com/Th4nat0s/fail2ban
>
> so hopefully it won't be too long coming.
>
> I must admit I don't have an IPv6 SSH dictionary attack
> countermeasure myself at the moment.
I noticed this problem with fail2ban when I first looked at IPv6 and
ended up writing a firewall script for ip6tables to handle SSH
attacks. It uses the '-m recent' (etc) parameters and appears to
work.
Admittedly, it's not as slick as fail2ban, but it will do until
fail2ban or else is ready.
Cheers,
Gerald
