FreeBSD Port: py26-fail2ban-0.8.4

John Bayly john.bayly at tipstrade.net
Thu Oct 7 14:47:20 UTC 2010


  Chris Jones posted a pf action for fail2ban over a year ago with the 
suggestion that it should be added to the official port. I've attached a 
patch to include in the port which provides the bsd-pf action out of the 
box.

Can this be included into the fail2ban port?

Regards

-- 
John Bayly
Systems Administrator
------------------
TipsTrade Ltd.

16 Wornal Park,
Menmarsh Road,
Worminghall,
Bucks.
HP18 9JX

T: +44 (0)1844 337 326 (Direct)
M: +44 (0)7787 727 934
F: +44 (0)1844 337 337
E: john.bayly at tipstrade.net

-------------- next part --------------
--- /dev/null   2010-10-07 16:20:29.000000000 +0100
+++ ./config/action.d/bsd-pf.conf 2010-10-07 16:20:22.000000000 +0100
@@ -0,0 +1,65 @@
+# Fail2Ban action file for use with the FreeBSD packet filter
+#
+# Author: Chris Jones
+# Modified by: John Bayly
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+# required a pf rule like "block in on em0 from <fail2ban>"
+actionban = pfctl -t fail2ban -T add  <ip>
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = pfctl -t fail2ban -T delete `pfctl -t fail2ban -T show 2>/dev/null | grep <ip>`
+
+[Init]
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]
+#
+port = ssh
+
+# Option:  localhost
+# Notes.:  the local IP address of the network interface
+# Values:  IP
+#
+localhost = 127.0.0.1
+
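Review bot: the actionunban line picks the address to remove with an unanchored "grep <ip>" over the table listing, so the match is by substring and the dots act as regex wildcards. Unbanning 10.0.0.1 (a constructed example) would also select 10.0.0.10 or 110.0.0.1, and every selected entry is passed to -T delete and loses its ban early. pfctl can delete the address directly, so "actionunban = pfctl -t fail2ban -T delete <ip>" is enough and also drops the backtick subshell. Separately, actionstart and actioncheck are empty although the comment above actionban says a pf rule referencing the fail2ban table is required; the file header should document that setup. The port and localhost values under [Init] are not referenced by any command in this file.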
