ipfw + fail2ban – FreeBSD

Fail2ban + ipfw = rock solid

Very important: f2b on FreeBSD has a bug with jail names. If the name contains a "-", for example ssh-ipfw, it does not work :), so use sshipfw and save yourself the headache!

Install fail2ban on FreeBSD

cd /usr/ports/security/py-fail2ban

make install clean

echo 'fail2ban_enable="YES"' >> /etc/rc.conf

Create table in ipfw for F2B

ipfw table 10 add 127.0.0.2

ipfw add 1 deny ip from 'table(10)' to me

**You must create an action for ipfw in f2b, action.d/ipfw.conf, so that it knows how to deal with the spammers**

actionban = ipfw table 10 add <ip>

actionunban = ipfw table 10 delete <ip>

jail.conf settings

ignoreip = 127.0.0.18

bantime = 35600

[sshipfw]

enabled = true

filter = ipfw-ssh

action = ipfw-ssh[localhost=127.0.0.1]
         sendmail-whois[name="SSH,IPFW", dest=netadmin@powernet.bg]

logpath = /var/log/auth.log

maxretry = 3

[postfix]

enabled = true

filter = postfix

action = mail[localhost=127.0.0.1]
         sendmail-whois[name="Postfix jail", dest=netadmin@powernet.bg]

logpath = /var/log/maillog

maxretry = 4

[dovecot]

enabled = true

filter = dovecot

action = mail[localhost=127.0.0.1]
         sendmail-whois[name="Dovecot mail jail", dest=netadmin@powernet.bg]

logpath = /var/log/maillog

maxretry = 4
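
A pre-flight check for the configuration pitfalls on this page: a "-" in a jail name, typographic quotes pasted from a web page, a second action line that lost its indentation, and a ban command without the `<ip>` tag. This is an added example, not part of the original post; the function names and both sample configs are constructed for illustration.

```python
import configparser

CURLY = "\u2018\u2019\u201c\u201d"  # typographic quotes pasted from a web page

# Constructed samples: one broken jail, one clean jail, one broken action.
SAMPLE_JAIL = """\
[DEFAULT]
bantime = 35600

[ssh-ipfw]
enabled = true
action = ipfw-ssh[localhost=127.0.0.1]
sendmail-whois[name=\u201cSSH\u201d, dest=root@localhost]

[sshipfw]
enabled = true
action = ipfw-ssh[localhost=127.0.0.1]
         sendmail-whois[name="SSH", dest=root@localhost]
"""
SAMPLE_ACTION = """\
[Definition]
actionban = ipfw table 10 add
actionunban = ipfw table 10 delete <ip>
"""

def _parse(text):
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    return cp

def lint_jails(text):
    """Return sorted (jail, problem) pairs for jail.conf-style text."""
    found = set()
    cp = _parse(text)
    for jail in cp.sections():
        if "-" in jail:  # the jail-name bug this page reports on FreeBSD
            found.add((jail, "hyphen"))
        for key, value in cp.items(jail):
            if any(c in (key + value) for c in CURLY):
                found.add((jail, "curly-quote"))
            if "[" in key:  # unindented second action parsed as its own option
                found.add((jail, "split-action"))
    return sorted(found)

def lint_action(text):
    """Return the ban/unban options in [Definition] that lack the <ip> tag."""
    cp = _parse(text)
    return [k for k in ("actionban", "actionunban")
            if cp.has_option("Definition", k) and "<ip>" not in cp.get("Definition", k)]

if __name__ == "__main__":
    print(lint_jails(SAMPLE_JAIL), lint_action(SAMPLE_ACTION))
```

Run it against the real jail.conf and action file contents before restarting fail2ban; an empty result from both functions means none of these four problems is present.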