# fail2ban and /etc/hosts.deny

## keikoz

Hi,

I'm using fail2ban to ban bruteforcers from my ftp and ssh daemons. fail2ban works properly, all bruteforcing IPs are successfully written into my /etc/hosts.deny file.

But it seems like my ethernet interface doesn't always take the hosts.deny file into account automatically. I have to "/etc/init.d/net.eth0 restart" to have the IPs really banned from accessing my system.

Is that normal? And is there a simple way to make it work without restarting my ethernet interface?

Thanks

----------

## krinn

Make ssh and ftp spawn from xinetd so rules from hosts.deny will be applied when they are spawned.

----------
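A sketch of the xinetd setup suggested above for the ssh daemon, added here as an example and not taken from either poster. The file name and the sshd path are assumptions, and it assumes xinetd was built with TCP wrappers (libwrap) support so that it consults /etc/hosts.deny on each new connection:

```conf
# /etc/xinetd.d/sshd  (constructed example; file name and paths are assumptions)
service ssh
{
    disable         = no
    socket_type     = stream
    protocol        = tcp
    wait            = no            # one sshd process per incoming connection
    user            = root
    server          = /usr/sbin/sshd
    server_args     = -i            # inetd mode: sshd serves the socket xinetd hands it
    log_on_failure  += HOST         # record the address of refused connections
}
```

The standalone sshd service has to be stopped first so that xinetd can bind the ssh port. An ftp daemon needs its own stanza of the same shape, using whatever inetd-mode option that daemon provides.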

