Projects / authfail


authfail is a tool for adding IP addresses to an ACL when entities from those addresses attempt to log into a system, but cause authentication failures in auth.log. It reads data from auth.log in real time and adds the IP into netfilter with a DROP/REJECT policy.

Operating Systems

Recent releases

  •  01 May 2010 15:02

    Release Notes: New rules were added to catch more denied login attempts.

    •  21 Aug 2007 09:08

      Release Notes: The file was modified to not notify private RFC 1918 networks during the setup process.

      •  05 May 2007 22:52

        Release Notes: Private networks from RFC 1918 are not notified.

        •  11 Oct 2005 13:17

          Release Notes: Whois lookup and email notifications were implemented.

          •  14 Jun 2005 05:03

            Release Notes: A modification was made to the regexp feature. The debian/authfail.init script was modified to prevent running another authfail daemon if one is already running.

            Recent comments

            23 May 2005 06:51 ottacom

            Important:make this changes for fedora core
            replace from line 70:

            sub update_iptables{

            $ip_d = shift;

            $ipd= substr($ip_d,7);




            Work fine!

            19 May 2005 09:46 ottacom

            Great Software
            You can resolve a seiruos security problem, and reduce the incoming traffic.



            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.