Tag Archives: fail2ban

ipfw + fail2ban – FreeBSD

Fail2ban + ipfw = Джилязо

Вери много важно – f2b на freebsd има бъг с името на затворите, ако има “-” в името примерно ssh-ipfw, не работи :), затова sshipfw, да ти е мирна главицата!

Install fail2ban on freebsd

cd /usr/ports/security/py-fail2ban
make install clean
echo ‘fail2ban_enable=”YES”‘ >> /etc/rc.conf

Create table in ipfw for F2B

ipfw table 10 add 127.0.0.2
ipfw add 1 deny ip from table(10) to me

Must create action for ipfw in f2b action.d/ipfw.con to know how to deal with the spammers

actionban = ipfw table 10 add
actionunban = ipfw table 10 delete

jail.conf setting

ignoreip = 127.0.0.1/8
bantime = 35600

[sshipfw]
enabled = true
filter = ipfw-ssh
action = ipfw-ssh[localhost=127.0.0.1]
sendmail-whois[name=”SSH,IPFW”, dest=netadmin@powernet.bg]
logpath = /var/log/auth.log
maxretry = 3

[postfix]
enabled = true
filter = postfix
action = mail[localhost=127.0.0.1]
sendmail-whois[name=”Postfix jail”, dest=netadmin@powernet.bg]
logpath = /var/log/maillog
maxretry = 4

[dovecot]
enabled = true
filter = dovecot
action = mail[localhost=127.0.0.1]
sendmail-whois[name=”Dovecot mail jail”, dest=netadmin@powernet.bg]
logpath = /var/log/maillog
maxretry = 4