From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <foo@junior.esoo.ru>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.6 required=5.0 tests=AWL,BAYES_00,SPF_PASS
	autolearn=ham version=3.2.5
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=junior.esoo.ru; s=mail; 
	h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:To:MIME-Version:From:Date:Message-ID;
	bh=HvC7znQjslyOUJvPc0i6DnOAFv1ha+z3BspMi0IQQug=; 
	b=ZAi6E5MxmkCEXgK+S9Yu6vfNbpXAL4yQnIOjZ4TfZQDqcfKOhzUCVIWVhXtKpesEBC14e3QWAeru9psf6lod1U+FkgSHnUlS5B0nLBMz5E9V3ATNCdxIukaze5F0h52Nw33ZxS98QHWFcIpyYicLlJYowk/oB03mTh+KK1tMUWQ=;
Message-ID: <505AE44D.8020005@junior.esoo.ru>
Date: Thu, 20 Sep 2012 15:39:25 +0600
From: Anton Kvashin <foo@junior.esoo.ru>
User-Agent: Mozilla/5.0 (X11; Linux i686;
	rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
To: ALT Linux sysadmins' discussion <sysadmins@lists.altlinux.org>
References: <CAC4WpAwzGDoZym1P6g7xnyFYWyjgU-wbKufAQbksJ3SqbTpWag@mail.gmail.com>
In-Reply-To: <CAC4WpAwzGDoZym1P6g7xnyFYWyjgU-wbKufAQbksJ3SqbTpWag@mail.gmail.com>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [Sysadmins] =?koi8-r?b?RmFpbDJiYW4gzsUgzM/XydQgzdnbxcou?=
X-BeenThere: sysadmins@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux sysadmins' discussion <sysadmins@lists.altlinux.org>
List-Id: ALT Linux sysadmins' discussion <sysadmins.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sysadmins>
List-Post: <mailto:sysadmins@lists.altlinux.org>
List-Help: <mailto:sysadmins-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Sep 2012 09:39:40 -0000
Archived-At: <http://lore.altlinux.org/sysadmins/505AE44D.8020005@junior.esoo.ru/>
List-Archive: <http://lore.altlinux.org/sysadmins/>

20.09.2012 14:24, Dmitriy Kruglikov пишет:
> Есть fail2ban, есть лог, есть правило...
>
> [lighttpd-bot]
>
> enabled  = true
> filter   = lighttpd-404
> logpath  = /var/lib/vz/root/220/var/log/lighttpd/access.log
> action   = iptables-allports[name=LigHTTPd]
>             sendmail[name=LigHTTPd, dest=monit_alert@turbosms.ua,
> sender=fail2ban_on_colocation@turbosms.ua]
> bantime  = 3600
> findtime = 60
> maxretry = 5
>
> В lighttpd-404 прописано
> failregex = ^<HOST> -.*"(GET|POST).* HTTP\/.*" .* 404 .*$
>...
> за минуту 6 обращений, соответствующих правилу, но факта блокировки нет.
> Пробовал как backend = polling, так и backend = gamin
>
> Вопос: Где я протупил, почему не работает блокировка?

А что там в iptables, ip попадает в цепочки?

-- 
Anton Kvashin