Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Excellent! I shall give that a try in due course... I'm supposed to be on holiday for a week but somehow I think the laptop will fire up before then :-)


Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Thank you robzr for this great tool. Really simple to get set up!

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Thank you, glad to hear it :-)

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Running r49377 and getting this error when I type the last command in setup

Creating ipset sub2rbl
ipset v6.24: Cannot open session to kernel.
Creating ipset sub2rbl_swing
ipset v6.24: Cannot open session to kernel.
Retrieving RBL (https://lists.blocklist.de/lists/ssh.txt)
ipset v6.24: Cannot open session to kernel.
ipset v6.24: Error in line 1: Cannot open session to kernel.
ipset v6.24: Cannot open session to kernel.
RBL (https://lists.blocklist.de/lists/ssh.txt) added 0 entries
Creating ipset sub2rbl
ipset v6.24: Cannot open session to kernel.
Creating ipset sub2rbl_swing
ipset v6.24: Cannot open session to kernel.
Retrieving RBL (https://lists.blocklist.de/lists/strongips.txt)

Any idea what's wrong?

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Hi, did you install the ipset kernel module (package kmod-ipt-ipset)?

Rob

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

All installed fine

Package kmod-ipt-ipset (4.4.7-1) installed in root is up to date

I noticed that I've included some ip6 stuff in my build, could this be the problem?

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

PhusioN wrote:

All installed fine

Package kmod-ipt-ipset (4.4.7-1) installed in root is up to date

I noticed that I've included some ip6 stuff in my build, could this be the problem?

I doubt it? Did you build a custom kernel?  What is the output of lsmod | grep ip_set

Rob

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Nothing is showing up for that command

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

PhusioN wrote:

Nothing is showing up for that command

Sounds like the ipset kernel modules are not loading.  If you rebuild or are using a different kernel, you probably have to rebuild and install the ipset modules as well.  "modprobe ip_set" should give you more details on what's happening.

Rob
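
The checks discussed in the posts above (is the ip_set module loaded, and did the sync actually add anything), written as an added example that is not part of the thread or of sub2rbl. The function names and the MODULES_FILE override are assumptions, and the sample module list is constructed.

```shell
#!/bin/sh
# Added example, not sub2rbl's own code. Works in ash/POSIX sh.
# MODULES_FILE is an assumed override so a saved copy can be checked offline.
MODULES_FILE="${MODULES_FILE:-/proc/modules}"

# Return 0 if the ip_set core module is listed in a /proc/modules-format file.
ipset_module_loaded() {
    # Field 1 is the module name; match exactly so ip_set_hash_ip does not count.
    awk '$1 == "ip_set" { found = 1 } END { exit !found }' "${1:-$MODULES_FILE}"
}

# Combine module state with captured ipset stderr into one diagnosis word.
diagnose_ipset() {
    if ! ipset_module_loaded "$1"; then
        echo "module_not_loaded"
        return 0
    fi
    case "$2" in
        *"Cannot open session to kernel"*) echo "loaded_but_no_session" ;;
        *) echo "ok" ;;
    esac
}

# Sum the "added N entries" lines of a sync run; 0 means nothing is being blocked.
rbl_entries_added() {
    printf '%s\n' "$1" |
        sed -n 's/.*added \([0-9][0-9]*\) entries.*/\1/p' |
        awk '{ s += $1 } END { print s + 0 }'
}

# Demo on constructed input: a module list without ip_set, plus the error text
# and summary line quoted in the post above.
tmp=$(mktemp)
printf 'nf_conntrack 65536 3 - Live 0x0\nx_tables 24576 5 - Live 0x0\n' > "$tmp"
echo "diagnosis: $(diagnose_ipset "$tmp" 'ipset v6.24: Cannot open session to kernel.')"
echo "entries:   $(rbl_entries_added 'RBL (https://lists.blocklist.de/lists/ssh.txt) added 0 entries')"
rm -f "$tmp"
```

A sync run that reports 0 entries leaves the firewall without a blocklist even though the script finished, so treating that count as a failure is worth doing in whatever schedules the sync.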

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Thanks for the help, rebuilt the build with kmod-ipt-ipset etc. all selected. Working fine now.

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Thanks for the work here. What would it take for sub2rbl to become a package?

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

lkraav wrote:

Thanks for the work here. What would it take for sub2rbl to become a package?

Thanks.  I'm not sure, do you know if there are any good instructions on making a package?  Since there are no binaries the install bit should be pretty simple.

Rob

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Hi,
Thanks for this useful tool.
I installed it on x64 OpenWrt 15.05.1 and it works, but LuCI hangs at login after 7-15 days and I have to reboot the device; logread seems dead.
This happened about 3 times. After I disabled the 'bearDropper' service, my device uptime is now 72 days, without any hang-up.
Do I need to increase the syslog ring buffer size?

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

I installed bearDropper (manually) since my wget doesn't have SSL support.
It looked fine in the beginning. Then when the system reboots, ssh (dropbear) doesn't work any more. The only solution is to restart dropbear (for ssh). bearDropper seems to be working perfectly. Any suggestions? My ssh is not on port 22 according to my setup.

Here is the system log when it is rebooted:

Tue Nov 15 19:54:42 2016 authpriv.warn dropbear[1001]: Failed listening on '22': Error listening: Cannot assign requested address
Tue Nov 15 19:54:42 2016 authpriv.info dropbear[1001]: Not backgrounding

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Amazing packages! Thanks for creating this ... Already deployed and working fine!

Regards,
Mariano

Lede Reboot SNAPSHOT r4114-6704410 / LuCI Master (git-17.130.58552-d04f667) on Kernel 4.9.20

Re: Fail2ban replacement and RBL firewall sync'ing - in lightweight ash

Hello guys,

I am quite new to the forum as well as openwrt. I was looking for an alternative to fail2ban and I found this thread. My problem is that I replaced my dropbear with OpenSSH. Now my question is: Is bearDropper working with OpenSSH?

Thanks