OpenWrt Forum Archive

Topic: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

The content of this topic has been archived between 5 Apr 2018 and 29 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Excellent!  I shall give that a try in due course... I'm supposed to be on holiday for a week but somehow I think the laptop will fire up before then :-)

Thank you robzr for this great tool. Really simple to get set up!

Thank you, glad to hear it :-)

Running r49377 and getting this error when I type the last command in setup

Creating ipset sub2rbl
ipset v6.24: Cannot open session to kernel.
Creating ipset sub2rbl_swing
ipset v6.24: Cannot open session to kernel.
Retrieving RBL (https://lists.blocklist.de/lists/ssh.txt)
ipset v6.24: Cannot open session to kernel.
ipset v6.24: Error in line 1: Cannot open session to kernel.
ipset v6.24: Cannot open session to kernel.
RBL (https://lists.blocklist.de/lists/ssh.txt) added 0 entries
Creating ipset sub2rbl
ipset v6.24: Cannot open session to kernel.
Creating ipset sub2rbl_swing
ipset v6.24: Cannot open session to kernel.
Retrieving RBL (https://lists.blocklist.de/lists/strongips.txt)

Any idea what's wrong?

Hi, did you install the ipset kernel module (package kmod-ipt-ipset)?

Rob

All installed fine

Package kmod-ipt-ipset (4.4.7-1) installed in root is up to date

I noticed that I've included some ip6 stuff in my build, could this be the problem?

PhusioN wrote:

All installed fine

Package kmod-ipt-ipset (4.4.7-1) installed in root is up to date

I noticed that I've included some ip6 stuff in my build, could this be the problem?

I doubt it? Did you build a custom kernel?  What is the output of lsmod | grep ip_set?

Rob

Nothing is showing up for that command

PhusioN wrote:

Nothing is showing up for that command

Sounds like the ipset kernel modules are not loading.  If you rebuild or are using a different kernel, you probably have to rebuild and install the ipset modules as well.  "modprobe ip_set" should give you more details on what's happening.

Rob
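
The check discussed in the posts above (is ip_set actually loaded when ipset reports "Cannot open session to kernel"?), as an added example that is not part of the original posts or of sub2rbl/bearDropper. The function names and the /proc/modules excerpts are assumptions constructed for illustration; only the two ipset output lines come from the thread.

```shell
#!/bin/sh
# Added example; not part of sub2rbl or bearDropper.

# module_listed NAME MODULES_TEXT
# Succeeds if NAME is an exact module name in /proc/modules-style text
# (the data lsmod prints). Exact match, so ip_set_hash_ip alone does
# not count as ip_set.
module_listed() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { f = 1 } END { exit !f }'
}

# diagnose_ipset OUTPUT MODULES_TEXT
# Classifies captured ipset/sub2rbl output against the module list.
diagnose_ipset() {
    case "$1" in
        *"Cannot open session to kernel"*)
            if module_listed ip_set "$2"; then
                # Module is listed, so the cause lies elsewhere.
                echo "session-failed-module-loaded"
            else
                # Next step on the router: modprobe ip_set
                echo "ip_set-not-loaded"
            fi ;;
        *"ipset v"*": Error"*) echo "other-ipset-error" ;;
        *) echo "ok" ;;
    esac
}

# Output lines quoted from the thread.
SAMPLE_OUTPUT='Creating ipset sub2rbl
ipset v6.24: Cannot open session to kernel.'

# Constructed /proc/modules excerpts (sizes and addresses are made up).
MODULES_WITHOUT_IPSET='nf_conntrack 57344 5 - Live 0x00000000
ip_tables 12288 3 - Live 0x00000000'
MODULES_WITH_IPSET='ip_set_hash_ip 20480 2 - Live 0x00000000
ip_set 24576 3 ip_set_hash_ip, Live 0x00000000'

# On a router the real inputs would be:
#   diagnose_ipset "$(ipset list -n 2>&1)" "$(cat /proc/modules)"
diagnose_ipset "$SAMPLE_OUTPUT" "$MODULES_WITHOUT_IPSET"
```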

Thanks for the help, rebuilt the build with kmod-ipt-ipset, etc. all selected. Working fine now.

Thanks for the work here. What would it take for sub2rbl to become a package?

lkraav wrote:

Thanks for the work here. What would it take for sub2rbl to become a package?

Thanks.  I'm not sure, do you know if there are any good instructions on making a package?  Since there are no binaries the install bit should be pretty simple.

Rob

Hi:
Thanks for this useful tool.
I installed it on x64 OpenWrt 15.05.1. It works, but LuCI will hang at login after 7-15 days; I have to reboot the device, and logread seems dead.
This happened about 3 times. After I disabled the 'bearDropper' service, my device uptime is now 72 days, without any hang.
Do I need to increase the syslog ring buffer size?

I installed bearDropper (manually) since my wget doesn't have SSL support.
It looks fine in the beginning. Then when the system reboots, ssh (dropbear) doesn't work any more. The only solution is to restart dropbear (for ssh). bearDropper seems to be working perfectly. Any suggestions? My ssh is not on port 22 according to my setup.

Here is the system log when it is rebooted:

Tue Nov 15 19:54:42 2016 authpriv.warn dropbear[1001]: Failed listening on '22': Error listening: Cannot assign requested address
Tue Nov 15 19:54:42 2016 authpriv.info dropbear[1001]: Not backgrounding

Amazing packages! Thanks for creating this ... Already deployed and working fine!

Hello guys,

I am quite new to the forum as well as to OpenWrt. I was looking for an alternative to fail2ban and I found this thread. My problem is that I replaced my dropbear with OpenSSH. Now my question is: Does bearDropper work with OpenSSH?

Thanks

Hi, just installed both scripts and they seem to be working just fine on LEDE build 5848. Will let you know if anything breaks.

Thanks! Will test sub2rbl.

The discussion might have continued from here.