FreeBSD Port: py25-fail2ban-0.8.3_1

Chris Jones cjones at
Wed Jun 17 21:21:12 UTC 2009


As you know, many people are now using PF on their FreeBSD servers. I've 
made some changes to make it work with PF, and I think they are worth 
including in the port by default.

I'm including the configuration needed to use Fail2Ban with PF on FreeBSD.

Basically, you make a table in PF, and add to the table as the 
'actionban' and remove the entry from the table as the 'actionunban'. 
Pretty simple.

You can easily see a list of banned addresses using:
sudo pfctl -t fail2ban -T show

Thanks for the port of this great utility!

- Chris

Chris Jones
Senior Systems Manager
Pittsburg State University
E-mail: cjones at
Phone: 1.620.235.4158


"The production of too many useful things results in too
many useless people."
                                               -Karl Marx
-------------- next part --------------

Chris Jones - 2009.06.17


# PF jail


enabled = true
filter  = sshd
action  = pf
          sendmail-whois[name=SSH, dest=email at]
logpath = /var/log/auth.log




actionstart = 
actionstop = 
actioncheck = 
actionban = pfctl -t fail2ban -T add  <ip>
actionunban = pfctl -t fail2ban -T delete `pfctl -t fail2ban -T show 2>/dev/null | grep <ip>`


port = ssh
localhost =



table <fail2ban> persist
block in on $ext_if from <fail2ban>


More information about the freebsd-ports mailing list