Skip to content

I suggest you...

← Feature Suggestions

fail2ban now supports IPv6 - please upgrade

At some time you closed the request "fail2ban for IPv6" stating that fail2ban does not support it. That was no doubt correct at the time - but now it does, see https://github.com/fail2ban/fail2ban/tree/0.10

I'm seeing a lot of warnings in the fail2ban log on my dual stack servers, like this:

66:1000:b01c:10ab:0:1: [Errno -9] Address family for hostname not supported

and my log checking software is complaining to me about the overly long fail2ban log.

See also: https://ctrl.blog/entry/fail2ban-ipv6

Thanks! Tim.

174 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Tim Reeves shared this idea  ·   ·  Report…  ·  Admin →

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • [Deleted User] commented  ·   ·  Report

    How is this not available yet ??? :o
    I know fail2ban v0.10 is not released as "stable" but that's a crucial security feature!

  • Anonymous commented  ·   ·  Report

    It still does not work for ipv6. What sense makes fail2ban then?

  • Florian commented  ·   ·  Report

    a security feature w/o IPv6 support is broken.
    Please consider upgrading/patching fail2ban for IPv6 support ASAP.

  • PB commented  ·   ·  Report

    please add option to use Fail2Ban with IPv6 support (it doesn't matter it is experimental version) because at the moment, without any IPv6 protection it is super stupid

  • Denis commented  ·   ·  Report

    Make fail2ban Great Again!

  • Michael commented  ·   ·  Report

    Any update on this important topic?

  • hape commented  ·   ·  Report

    Yes please! Do an upgrade!

  • Michael commented  ·   ·  Report

    yes , please upgrade

    thx in advance

  • Alex commented  ·   ·  Report

    +1 This is a must have!

  • Anonymous commented  ·   ·  Report

    +1 It is one of the most important security features

  • linulex commented  ·   ·  Report

    +1, do i need to explane why i think security is needed?

  • [Deleted User] commented  ·   ·  Report

    Ok, Alexander Yamshanov, that's right, but please appreciate that some of the fail2ban folks again took up the development for new features, after some years ago most of them considered the software to be "complete".

  • Alexander Yamshanov commented  ·   ·  Report

    Hi all,

    Please notice IPv6 functional accessible only in version 0.10.x, but this version has experimental status, not stable. Anyway, let's continue voting!

  • Tim Reeves commented  ·   ·  Report

    Hey people,

    thanks to those who already voted this up!

    And a big PLEASE to everyone else: Please consider adding your vote. All the major data centers in Germany for vServers have been offering IPv6 for quite some time now - Hetzner, HostEurope, Strato, Contabo... it's hard NOT to get an IPv6. And without fail2ban testing IPv6 we are (a) not any way as secure as we should be, and (b) get lots of spurious messages in our log files.

    Thanks!

    Tim

  • raykai commented  ·   ·  Report

    I think its important as OVH and other data-centers are now attaching ipv6 addresses to most of there servers and VPS. OVH started rolling it out free ipv6 about one month a go.

    Most will start seeing a message at there host datacenters like this: "Your instance is now linked to a free IPv6 in addition to the default IPv4."

    Since then my servers has been getting hit harder with ipv6 brute-force attack and vulnerability scans. Even more then when i was just on ipv4

    Plesk seams to be weaker when it comes to ipv6 prevention IMO.

    Having plesk Fail2Ban updated to v0.10 would help for this.

2

Feature Suggestions: Security

Categories

Feedback and Knowledge Base

(thinking…)