blocking access attempts by IP address

[Barrydocks]

One of the "sneaky tricks" of SMF search is that it's global only from the home page, it seems. I found a few more results when searching from there.

Now feeling slight stupid
Thanks

[Sam Graf]

Now feeling slight stupid

If it makes you feel any better, I have no idea how long it took me to realize that that's how it seems to work. Who knows how many searches I botched before I realized what was going on...

So there's at least two of us who made that mistake at least once.

[UdoB]

On most of my servers I generally have password authentication disabled for ssh but on one I need it enabled, this is the one I would like to block failed login attempts.

You might move sshd from default Port 22 to any other arbitrary Port. This is definitely security-by-obscurity but nevertheless it will reduce brute force attacks by much more than 90% without additional tools.

Best regards

[half_life]

Thanks half_life

I realise that both fail2ban and zentyal firewall both use IPtables, my concern was based on the fact that zentyal tends to over write changes made to config files (hence the need for the pre and post set hooks).

I did do a search on the forum for fail2ban but only this post was found

I'll give it a try and see what happens

Sorry if what I said came across harshly.  I assume that you have found a few more posts on the subject since then.  If Zentyal overwrites iptables rules, it would only happen during a reconfigure or a restart.  This should affect the default behavior of fail2ban.  I wouldn't configure it to permanently block an IP address as this could impact operations eventually.

[Barrydocks]

Thanks for all the advice, I have ended up going with denyhosts http://denyhosts.sourceforge.net/ that (as I understand it) relies on adding entries to the /etc/hosts.deny which is not modified by zentyal rather than using IPtables - although I am happy to be corrected on this