[sslh] SSLH and Fail2ban
Yves Rutschle
yves at naryves.com
Tue Jan 10 22:39:31 CET 2012
On Tue, Jan 10, 2012 at 10:01:12PM +0100, Void And Any wrote:
> For Fail2Ban I started to make a rule (jail) but I have a problem,
> when I connect with ssh from my enterprise the log does not contain
> the from IP but the name of the proxy, which cannot be resolved from
> outside of my enterprise :
>
> Jan 10 14:56:13 localhost sslh[30953]: connection from
> proxy.xxx.fr:45873 to 192.168.1.111:https forwarded from
> localhost:47134 to localhost:ssh
>
> So Fail2ban cannot ban IP, any idea why I don't have IP adress instead ?
Yes, you need to start sslh with the "-n" (or "--numeric")
option which will prevent name resolution.
I'll be grateful if you publish the fail2ban rule once
you're done, I know of several people that are interested
(including me :) ).
Cheers,
Y.
More information about the sslh
mailing list