fail2ban + ipfw howto?

Cary cary at SDF.org
Wed Jun 29 04:51:32 UTC 2016 

Nagy László Zsolt wrote:
>   Hello,

> So can somebody suggest a good place to start with fail2ban + ipfw?
> 
> Thanks,
> 
>    Laszlo
> 

> 
Hi,

Have you tried changing the value of "banaction" to "ipfw" ?

-- 
cary at sdf.org
SDF Public Access UNIX System - http://sdf.org


------------------------------
-------------- next part --------------
*** /usr/local/etc/fail2ban/jail.conf	Mon Jun 27 20:55:22 2016
--- /usr/local/etc/fail2ban/jail.local	Tue Jun 28 21:25:36 2016
***************
*** 154,164 ****
  
  # Default banning action (e.g. iptables, iptables-new,
  # iptables-multiport, shorewall, etc) It is used to define
  # action_* variables. Can be overridden globally or per
  # section within jail.local file
! banaction = iptables-multiport
  banaction_allports = iptables-allports
  
  # The simplest action to take: ban only
  action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
  
--- 154,165 ----
  
  # Default banning action (e.g. iptables, iptables-new,
  # iptables-multiport, shorewall, etc) It is used to define
  # action_* variables. Can be overridden globally or per
  # section within jail.local file
! #banaction = iptables-multiport
! banaction = ipfw
  banaction_allports = iptables-allports
  
  # The simplest action to take: ban only
  action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
  
***************
*** 223,233 ****
  [sshd]
  
  port    = ssh
  logpath = %(sshd_log)s
  backend = %(sshd_backend)s
! 
  
  [sshd-ddos]
  # This jail corresponds to the standard configuration in Fail2ban.
  # The mail-whois action send a notification e-mail with a whois request
  # in the body.
--- 224,234 ----
  [sshd]
  
  port    = ssh
  logpath = %(sshd_log)s
  backend = %(sshd_backend)s
! enabled = yes
  
  [sshd-ddos]
  # This jail corresponds to the standard configuration in Fail2ban.
  # The mail-whois action send a notification e-mail with a whois request
  # in the body.

More information about the freebsd-questions mailing list