[Dovecot] limiting number of login attempts from same ip

Tom Hendrikx tom at whyscream.net
Thu Jun 16 13:24:41 EEST 2011


On 16/06/11 12:12, Nikolaos Milas wrote:
> On 16/6/2011 12:34 πμ, Ed W wrote:
> 
>> I don't see why fail2ban would have anything to do with ipv6 since it
>> simply runs a script when something needs doing? Just adapt your script?
>> Not having tried it, but possibly the regexps need tweaking also?
> 
> Thanks Ed. You could be right. It could work, *if* fail2ban engine does
> not do any particular internal processing with IP addresses in order to
> implement the rules logic (which I doubt; for example, when it adds
> iptables rules, it refers to ip address as <ip> - see below). In the
> official fail2ban site:
> http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal#IPv6,
> we don't see any solution related to IPv6.
> 
> If it's feasible, I wonder why we can't find anything about that in the
> Internet or in fail2ban site. No one has done it yet? On the contrary,
> we can find ample "complaints" that fail2ban won't work with IPv6.

There has been some discussion on the fail2ban mailing list about ipv6
support implementations lately. Please see
http://sourceforge.net/mailarchive/forum.php?forum_name=fail2ban-users
(thank you SF for the awesome UI).

> Nowhere can we find ipv6 "filters" and "actions" for fail2ban. 

As long as fail2ban has no support for catching ipv6 ip addresses, there
is no use for a filter that can handle these. Adaptation of the iptables
actions to ip6tables would be trivial, though.

> If someone (has time and) is sufficiently competent with
> iptables/ip6tables, then he could try to prepare such actions (and
> create filters with regex expressions to catch ipv6 events from logs
> too) and then give it a try.
> 

Again, most of the pros, cons and implementation issues came along on
the mailing list. I suggest that you take your fail2ban issue there,
since this is no dovecot issue :)


-- 
Regards,

	Tom


More information about the dovecot mailing list