Tabernero
Reputation: 635
Where to find the list of Fail2Ban built-in port bindings?
I am setting up a fail2ban instance, everything works fine as expected, but I have been noticing some rules has built-in ports, for example:
...
[domino-smtp]
port = smtp,ssmtp
logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.log
...
filter = sshd
logpath = /var/log/auth.log
port = ssh
...
[phpmyadmin-syslog]
port = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
...
So, when it states that port is ssh or http or whatever, where do fail2ban get these bindings from? How do I know what ports can I use as names and which as just port numbers?
Upvotes: 1
Views: 397
Answers (1)
AndroidX
Reputation: 648
Named ports are used by many tools besides f2b. In most Linux distributions they are defined in /etc/services (a subset of IANA's official list).
Upvotes: 3
Related Questions
- Howto ban IP with Fail2Ban manually by command line?
- Setting `maxretry` of fail2ban filter to zero
- Fail2Ban how to match any string
- fail2ban - how to ban ip permanently after it was baned 3 times temporarily
- Fail2ban custom regular expresion
- Fail2ban named-refused failregex syntax
- Understanding fail2ban test output when running fail2ban-regex on Nginx
- Fail2Ban doesn't seem to respond / ban IPs
- fail2ban <HOST> regex alias explanation
- Advanced fail2ban parameters in filter/action