Using fail2ban is a good way to have active security checks on your system, but if you are limited to an old kernel, how can you avoid problems caused by incompatibility?
One solution is a fake ipset that supports only the add and del actions, translating each into a plain iptables rule.
Create the file /usr/local/bin/ipset and paste the following code into it:
```sh
#!/bin/sh
# Minimal ipset stand-in for fail2ban: the first argument is the ipset verb,
# the second the set name (ignored here), the third the IP address.
ACTION=$1

if [ "$ACTION" = "del" ]; then
    IPADDR=$3
    # Remove the DROP rule for this address; exit 1 if no such rule exists.
    iptables -D INPUT --src "$IPADDR" -j DROP 2>/dev/null >/dev/null || exit 1
    exit 0
fi

if [ "$ACTION" = "add" ]; then
    IPADDR=$3
    # Insert a DROP rule for this address at the top of INPUT; exit 2 on failure.
    iptables -I INPUT --src "$IPADDR" -j DROP 2>/dev/null >/dev/null || exit 2
    exit 0
fi

# Any other ipset verb (create, flush, destroy, list, ...) is not supported.
exit 255
```
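The shim above passes its third argument straight to iptables and only recognises a bare `add SET IP` / `del SET IP` form. As an added example (not the script from this page), the following POSIX shell code separates the argument mapping from the execution so it can be checked without root or a kernel that knows ipset: `ipset_to_iptables` prints the iptables command the shim would run, rejects unknown verbs, tolerates leading options such as `-exist` and a trailing `timeout N` (both are assumptions about how newer fail2ban ipset actions invoke the tool, not something this page states), and refuses an address containing anything other than IP characters. The `IPTABLES` variable and the `ipset_shim` wrapper are likewise this example's own inventions.

```sh
#!/bin/sh
# Added example, not the page's shim. Maps an ipset-style command line onto the
# equivalent iptables rule without executing anything, so it can be tested.
#
# Assumptions (not from the page): fail2ban may prefix options like "-exist"
# and append "timeout N"; IPTABLES names the firewall binary (default iptables).

# ipset_to_iptables [OPTIONS...] ACTION SET IP [timeout N]
# Prints the iptables invocation on stdout. Returns 0 for add/del, 1 otherwise.
ipset_to_iptables() {
    # Skip leading dash-options such as -exist or -! (assumed usage).
    while [ $# -gt 0 ]; do
        case "$1" in
            -*) shift ;;
            *)  break ;;
        esac
    done

    action=$1
    setname=$2   # the set name is accepted but unused: the shim has one rule list
    ip=$3
    [ -n "$action" ] && [ -n "$setname" ] && [ -n "$ip" ] || return 1

    # Only IPv4/IPv6 address characters (and a CIDR slash) are allowed in the
    # address; anything else (spaces, option dashes, shell metacharacters) is
    # rejected so nothing unexpected reaches iptables.
    case "$ip" in
        *[!0-9a-fA-F.:/]*) return 1 ;;
    esac

    bin=${IPTABLES:-iptables}
    case "$action" in
        add) printf '%s\n' "$bin -I INPUT -s $ip -j DROP" ;;
        del) printf '%s\n' "$bin -D INPUT -s $ip -j DROP" ;;
        *)   return 1 ;;   # create/flush/destroy/list are not implemented
    esac
}

# ipset_shim ARGS... runs the mapped rule; exit 255 for unsupported input,
# mirroring the page's shim. Word-splitting $cmd is safe because the address
# was validated to contain no whitespace.
ipset_shim() {
    cmd=$(ipset_to_iptables "$@") || exit 255
    # shellcheck disable=SC2086
    $cmd >/dev/null 2>&1
}

# Demonstration on a constructed fail2ban-style invocation (prints only):
ipset_to_iptables -exist add f2b-sshd 203.0.113.5 timeout 600
```

To turn this into a live replacement, the installed script would end with `ipset_shim "$@"` instead of the demonstration line; the dry-run function stays available for checking what a given fail2ban action line will do before it touches the firewall.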
Execute chmod +x /usr/local/bin/ipset to make the file executable.
Now you can search for the real ipset command and replace it with the minimal version (the original binary is kept next to it as ipset-old):
```sh
find /bin -name ipset -exec mv /bin/ipset /bin/ipset-old \; -exec ln -s /usr/local/bin/ipset /bin/ipset \;
find /sbin -name ipset -exec mv /sbin/ipset /sbin/ipset-old \; -exec ln -s /usr/local/bin/ipset /sbin/ipset \;
find /usr/bin -name ipset -exec mv /usr/bin/ipset /usr/bin/ipset-old \; -exec ln -s /usr/local/bin/ipset /usr/bin/ipset \;
find /usr/sbin -name ipset -exec mv /usr/sbin/ipset /usr/sbin/ipset-old \; -exec ln -s /usr/local/bin/ipset /usr/sbin/ipset \;
```