[oi-userland.git] / components / network / fail2ban / patches / 03-solaris-readme.patch
blob ec87c5eaf1e11c59575d20270fb0f417b8b7bcbb
1 --- fail2ban-1.1.0/README.Solaris.orig
2 +++ fail2ban-1.1.0/README.Solaris
3 @@ -120,3 +120,17 @@
4 * Fail2ban adds lines like these to /etc/hosts.deny:
6 sshd: 1.2.3.4
8 +* Solaris IP Filter uses a "last matching rule" algorithm. If the packet
9 + matches a rule containing the "quick" keyword, the action for that rule is
10 + taken and no subsequent rules are checked. This concept is not compatible
11 + with fail2ban. It appends rules at the end of a rule set and will never match
12 + (i.e. block a connection) if an earlier rule matches (i.e. pass a connection)
13 + with quick. If you want an incoming firewall on a system that only supports
14 + incoming web connections, the rules would look like this to support fail2ban:
16 + block in from any to any
17 + pass in from any to any port = 80 keep state
19 + fail2ban would then append to the end:
20 + block in quick from x.x.x.x/32 to any
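Review bot: The pronoun in "It appends rules at the end of a rule set and will never match" reads as referring to "This concept" from the previous sentence rather than to fail2ban, so the key constraint of the paragraph is easy to misread. Suggest naming the subject, for example "fail2ban appends its rules at the end of the rule set, so they never take effect if an earlier rule with quick has already passed the connection". The example also relies on the reader noticing that the "pass in from any to any port = 80 keep state" line carries no "quick"; a sentence stating outright that the site's own pass rules must not use "quick" would make the requirement explicit for administrators adapting an existing rule set. It would also help to say where the appended "block in quick from x.x.x.x/32 to any" rule comes from (which fail2ban action produces it), since the preceding README text only shows the /etc/hosts.deny form.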