Debian Jessie
Fail2Ban v0.8.13
Code: Alles auswählen
Mar 22 18:10:30 server kernel: [3622979.049539] UDP: bad checksum. From 176.59.104.217:39606 to 64.125.172.55:6501 ulen 15
Mar 22 18:10:32 server kernel: [3622981.129808] UDP: bad checksum. From 176.59.104.217:51806 to 64.125.172.55:6502 ulen 15
Mar 23 18:23:35 server kernel: [3710164.045868] UDP: bad checksum. From 176.59.107.30:15908 to 64.125.172.55:6501 ulen 15
Mar 23 18:23:40 server kernel: [3710169.285334] UDP: bad checksum. From 176.59.107.30:39406 to 64.125.172.55:6500 ulen 15Code: Alles auswählen
[udp-badchecksum]
enabled = true
port = all
banaction = iptables-allports
port = anyport
filter = udp-badchecksum
protocol = udp
logpath = /var/log/kern.log
maxretry = 2Code: Alles auswählen
# Fail2Ban configuration file
#
#
#
[Definition]
# Option: failregex
# Notes.: regex to match the UDP: bad checksum messages in the logfile. The
# host must be matched by a group named “host”. The tag “<HOST>”
# fails on test.
# Values: TEXT
#
#failregex = UDP: bad checksum. From (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
failregex = UDP: bad checksum. From <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =