Skip to content

Instantly share code, notes, and snippets.

Last active March 10, 2021 16:37
  • Star 8 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Fail2Ban DROP instead REJECT
#Depending on version one of the following files must exist
root@host:/ nano /etc/fail2ban/action.d/iptables-blocktype.conf
root@host:/ nano /etc/fail2ban/action.d/iptables-common.conf
comment the line
#blocktype = REJECT --reject-with icmp-port-unreachable
create the line
blocktype = DROP
Copy link

sem-hub commented Jan 10, 2021

I think REJECT is very strange choice for default.
I've realize it when found a lot of ICMP traffic from me. It customizes easy, but a lot of people will not change it.
I've read #507 and I'm not agree.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment