1 (edited by optech 2011-09-22 12:26:10)

Topic: be careful with fail2ban if you have a lot of remote users behind NATs

We have offices spread out over US and Mexico and it's not uncommon for webmail users to have password issues, forgotten or otherwise. The problem is, with fail2ban installed it could easily cause all the users in the office to 'mysteriously' start getting blocked. Unfortunately this kind of marred our new mail server rollout by causing "random" failures for a week or so. Even if you do a "chkconfig iptables off", fail2ban can still cause issues.

Anyways, just a little experience I had.

2

Re: be careful with fail2ban if you have a lot of remote users behind NATs

You can append your internet network in the Fail2ban config, in the variable "ignoreip =", to avoid this issue.

Personally, it's highly recommended to enable Fail2ban.
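
An added example, not part of either post and not fail2ban's own code: a simplified model of the maxretry/findtime counting that shows how a few users behind one NAT address trip a ban together, and how an `ignoreip` entry changes the result. The log tuples, addresses, thresholds and function names are constructed assumptions for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, source IP, login) for failed webmail logins.
# 203.0.113.10 stands in for one office's NAT egress address.
FAILURES = [
    ("2011-09-20 09:00:05", "203.0.113.10", "alice"),
    ("2011-09-20 09:01:10", "203.0.113.10", "bob"),
    ("2011-09-20 09:02:30", "203.0.113.10", "alice"),
    ("2011-09-20 09:03:45", "203.0.113.10", "carol"),
    ("2011-09-20 09:04:50", "203.0.113.10", "bob"),
    ("2011-09-20 09:00:00", "198.51.100.7", "admin"),
    ("2011-09-20 09:00:02", "198.51.100.7", "admin"),
    ("2011-09-20 09:00:04", "198.51.100.7", "admin"),
    ("2011-09-20 09:00:06", "198.51.100.7", "admin"),
    ("2011-09-20 09:00:08", "198.51.100.7", "admin"),
]

def simulate_bans(failures, maxretry=5, findtime=600, ignoreip=()):
    """Return {ip: set of logins} for addresses that reach maxretry
    failures within findtime seconds, skipping anything in ignoreip.
    The threshold values are assumed, not read from a real jail."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    window = timedelta(seconds=findtime)
    seen = defaultdict(list)   # ip -> [(time, login), ...]
    banned = {}
    for ts, ip, login in sorted(failures):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in ignored):
            continue           # whitelisted: failures are never counted
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        # Drop failures that have aged out of the findtime window.
        seen[ip] = [(t, u) for t, u in seen[ip] if when - t <= window]
        seen[ip].append((when, login))
        if len(seen[ip]) >= maxretry:
            banned[ip] = {u for _, u in seen[ip]}
    return banned

def shared_addresses(banned):
    """Banned addresses whose failures came from more than one login:
    likely a NAT with several users, a candidate for ignoreip."""
    return sorted(ip for ip, users in banned.items() if len(users) > 1)
```

Run over real failure logs, the multi-login addresses are the ones to review for `ignoreip`; an address failing repeatedly on a single account keeps its ban.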