Fail2ban nxauth vs nxd jail

Forum / NoMachine for Linux / Fail2ban nxauth vs nxd jail

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #25535
    Loke
    Participant

    I setup fail2ban for NoMachine today following the instructions from nomachine.com

    While it works I have some questions regarding it.

    1) nxauth.conf specifies multiple methods but the instructions don’t mention choosing one but leaving it as it is which matches all?

    2) what’s the purpose of the nxd jail? As far as I could tell a failed login increases the number of failed actions on both jails.

    3) nxd has a ridiculously low findtime of 5 seconds, is there a reason behind that?

     

    Thanks

    #25559
    Gega
    Participant

    Hello,

    1)Yes by default we match all cases, you can change that if you don’t want to match all cases. More details are listed in nxauth.conf file.
    2)nxd.conf matches connections through NX protocol. So it’s purpose can be to restrict number of connections, by default we do that if there are more than 20 connections in last 5 seconds.
    3)nxd jail’s purpose is to ban remote hosts that are making too much connections in a very little timeframe, so we set it to 5 seconds.

    #25617
    Loke
    Participant

    IPs that get banned from both of those filters end up in fail2ban.log I am worried that if someone like me uses the recidive filter, nxd could potentially trigger it to ban an IP for a very long time, I guess the 5 seconds findtime and 20 retries will stop it from doing that.

    Thanks for the explanation

Viewing 3 posts - 1 through 3 (of 3 total)

This topic was marked as solved, you can't post.