@antoniocampos
Last active March 10, 2021 16:37
Fail2Ban DROP instead of REJECT
# Depending on the Fail2Ban version, one of the following files must exist
root@host:/ nano /etc/fail2ban/action.d/iptables-blocktype.conf
or
root@host:/ nano /etc/fail2ban/action.d/iptables-common.conf
# Comment out the line
#blocktype = REJECT --reject-with icmp-port-unreachable
# and add the line
blocktype = DROP
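
The same change can be made without editing the packaged file: Fail2Ban reads a .local file after the matching .conf, so an override placed there survives package upgrades. The script below is an added example, not part of the original gist; the function names are hypothetical, and it assumes blocktype lives in the [Init] section of the file, as in stock installs.

```shell
#!/bin/sh
# Added example: set blocktype = DROP through a .local override instead of
# editing the packaged .conf. The [Init] section name is an assumption based
# on stock Fail2Ban layouts; check your installed file before relying on it.

# Print the base name (no extension) of whichever file this version ships.
find_blocktype_file() {
    dir=$1
    for base in iptables-common iptables-blocktype; do
        if [ -f "$dir/$base.conf" ]; then
            printf '%s\n' "$base"
            return 0
        fi
    done
    echo "no iptables-common.conf or iptables-blocktype.conf in $dir" >&2
    return 1
}

# Write <base>.local with the DROP override; the .conf is left untouched.
set_blocktype_drop() {
    dir=$1
    base=$(find_blocktype_file "$dir") || return 1
    local_file="$dir/$base.local"
    if [ -e "$local_file" ]; then
        echo "$local_file already exists; merge by hand" >&2
        return 2
    fi
    printf '[Init]\nblocktype = DROP\n' > "$local_file"
    printf '%s\n' "$local_file"
}

# Report the blocktype that wins: .local if it sets one, otherwise .conf.
effective_blocktype() {
    dir=$1
    base=$(find_blocktype_file "$dir") || return 1
    for f in "$dir/$base.local" "$dir/$base.conf"; do
        [ -f "$f" ] || continue
        val=$(sed -n 's/^[[:space:]]*blocktype[[:space:]]*=[[:space:]]*//p' "$f" | tail -n 1)
        if [ -n "$val" ]; then
            printf '%s\n' "$val"
            return 0
        fi
    done
    return 1
}

# Usage: sh this-script.sh /etc/fail2ban/action.d   (then restart fail2ban)
if [ "$#" -gt 0 ]; then
    set_blocktype_drop "$1" && effective_blocktype "$1"
fi
```

With DROP in effect, banned hosts no longer receive an ICMP port-unreachable reply for each blocked packet.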

sem-hub commented Jan 10, 2021

I think REJECT is a very strange choice for the default.
I realized it when I found a lot of ICMP traffic from me. It customizes easily, but a lot of people will not change it.
I've read #507 and I don't agree.