FreeBSD Port: py25-fail2ban-0.8.3_1
Chris Jones
cjones at pittstate.edu
Wed Jun 17 21:21:12 UTC 2009
Hello.
As you know, many people are now using PF on their FreeBSD servers. I've
made some changes to make it work with PF, and I think they are worth
including in the port by default.
I'm including the configuration needed to use Fail2Ban with PF on FreeBSD.
Basically, you make a table in PF, and add to the table as the
'actionban' and remove the entry from the table as the 'actionunban'.
Pretty simple.
You can easily see a list of banned addresses using:
sudo pfctl -t fail2ban -T show
Thanks for the port of this great utility!
- Chris
--
Chris Jones
CCNP, JNCIA-M
Senior Systems Manager
Pittsburg State University
E-mail: cjones at pittstate.edu
Phone: 1.620.235.4158
--
"The production of too many useful things results in too
many useless people."
-Karl Marx
-------------- next part --------------
FAIL2BAN EDITS FOR PF ON FREEBSD
Chris Jones - 2009.06.17
============================================================
./jail.conf:
# PF jail
[ssh-pf]
enabled = true
filter = sshd
action = pf
         sendmail-whois[name=SSH, dest=email@domain.com]
logpath = /var/log/auth.log
============================================================
./action.d/pf.conf:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = pfctl -t fail2ban -T add <ip>
# Delete the address directly; a grep for <ip> in the table listing can also match other entries.
actionunban = pfctl -t fail2ban -T delete <ip>
[Init]
port = ssh
localhost = 127.0.0.1
============================================================
/etc/pf.conf:
table <fail2ban> persist
block in on $ext_if from <fail2ban>
============================================================
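Looking one address up in the `pfctl -t fail2ban -T show` listing with a plain `grep` matches more than that address, which matters whenever the result is fed to `-T delete`. The following is an added example, not part of the original message: the table listing is constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `pfctl -t fail2ban -T show` output (one indented
# address per line). On a live host, pipe the real command instead.
sample_table() {
    printf '   %s\n' 10.1.2.3 10.1.2.30 110.1.2.3 10.112.3.5 2001:db8::1
}

# Loose lookup: grep treats the address as a regular expression (each "."
# matches any character) and accepts a match anywhere in the line.
loose_matches() {
    sample_table | grep "$1" | awk '{print $1}'
}

# Exact lookup: compare the whole first field as a literal string.
exact_matches() {
    sample_table | awk -v ip="$1" '($1 "") == (ip "") {print $1}'
}

# Succeeds only when the address itself is an entry in the table.
is_banned() {
    [ -n "$(exact_matches "$1")" ]
}

# Demo: one lookup, two very different answers.
echo "grep 10.1.2.3 selects:"
loose_matches 10.1.2.3
echo "exact match selects:"
exact_matches 10.1.2.3
```

With the loose lookup, releasing 10.1.2.3 would also select 10.1.2.30, 110.1.2.3 and 10.112.3.5, so unrelated bans would be lifted along with it.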