mail server in jail, host pf, and fail2ban
freebsd at theory14.net
Sat Jun 22 19:07:47 UTC 2019
Assuming your jail host can see the files inside the jail -- specifically the jail's /var/log/maillog -- you could run fail2ban on the jail host where it has access to pf and simply point it to the jail's /var/log/maillog.
For example, assume your mail jail is named mailserver. (NOTE: I'm using iocage to manage my jails so some of the path will be part of iocage's standards.) On your jail host, in /usr/local/etc/fail2ban/jail.local, you would use a stanza such as:
enabled = yes
port = smtp,456,submission
logpath = /iocage/jails/mailserver/root/var/log/maillog
backend = %(postfix_backend)s
* By "jail host" I mean the machine running the jails.
> On Jun 22, 2019, at 11:50 AM, David Mehler <dave.mehler at gmail.com> wrote:
> I've got a pf/fail2ban/jail/postscreen question. I'm running a mail
> system in a FreeBSD jail, and on the host system i'm using the pf
> firewall. What I'm getting are connections to my jail's postscreen
> port 25, what i'd like to get done is to try to get those ips scanned
> for on the host and banned by fail2ban and pf.
> Suggestions welcome.
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions