- This topic has 2 replies, 2 voices, and was last updated 4 years, 2 months ago by
.
-
Posts
-
I setup fail2ban for NoMachine today following the instructions from nomachine.com
While it works I have some questions regarding it.
1) nxauth.conf specifies multiple methods but the instructions don’t mention choosing one but leaving it as it is which matches all?
2) what’s the purpose of the nxd jail? As far as I could tell a failed login increases the number of failed actions on both jails.
3) nxd has a ridiculously low findtime of 5 seconds, is there a reason behind that?
Thanks
Hello,
1)Yes by default we match all cases, you can change that if you don’t want to match all cases. More details are listed in nxauth.conf file.
2)nxd.conf matches connections through NX protocol. So it’s purpose can be to restrict number of connections, by default we do that if there are more than 20 connections in last 5 seconds.
3)nxd jail’s purpose is to ban remote hosts that are making too much connections in a very little timeframe, so we set it to 5 seconds.IPs that get banned from both of those filters end up in fail2ban.log I am worried that if someone like me uses the recidive filter, nxd could potentially trigger it to ban an IP for a very long time, I guess the 5 seconds findtime and 20 retries will stop it from doing that.
Thanks for the explanation
This topic was marked as solved, you can't post.