Date:      Tue, 17 Oct 2017 14:47:34 +0200
From:      Tommy Scheunemann <net@arrishq.net>
To:        "Alex V. Petrov" <alexvpetrov@gmail.com>
Cc:        theis@gmx.at, ports@FreeBSD.org
Subject:   Re: FreeBSD Port: py27-fail2ban-0.10.1
Message-ID:  <nycvar.OFS.7.76.1710171440310.1189@ybpnyubfg.zl.qbznva>
In-Reply-To: <49fbc280-f598-6734-0bdb-dfd24de4fa56@gmail.com>
References:  <49fbc280-f598-6734-0bdb-dfd24de4fa56@gmail.com>

Hi,

a simple setup that does the job for me:

In /etc/pf.conf (bge0 is my external interface)

--- SNIP ---
int_ext="bge0"
...
# table the drop_ban / drop_unban scripts add to and delete from;
# "persist" keeps it defined even while no rule references it
table <badhosts> persist
...
block in quick on $int_ext from <badhosts> to any
...
--- SNIP ---

And in ${PREFIX}/fail2ban/action.d, define a new "pf" action, e.g. 
pf.conf:

--- SNIP ---
[Definition]
# fail2ban substitutes <ip> with the address matched by the jail's filter
actionban   = /usr/local/bin/drop_ban <ip>
actionunban = /usr/local/bin/drop_unban <ip>
# nothing to do at jail start/stop: the table lives in pf.conf
actioncheck =
actionstart =
actionstop  =

[Init]
--- SNIP ---

And the "drop_ban" and "drop_unban" scripts:

For ban:

--- SNIP ---
#!/bin/sh
# usage: drop_ban <ip>   (called by fail2ban's actionban)
IP=$1
[ -n "$IP" ] || exit 1
/sbin/pfctl -t badhosts -T add "$IP"
--- SNIP ---

For unban:

--- SNIP ---
#!/bin/sh
# usage: drop_unban <ip>   (called by fail2ban's actionunban)
IP=$1
[ -n "$IP" ] || exit 1
/sbin/pfctl -t badhosts -T del "$IP"
--- SNIP ---

I'm using scripts instead of directly using actionban / actionunban to do 
some additional things, like running a tcpdrop and having better logging.

Once done with all this, you can use "action = pf" in your jail.conf file.

Apart from this, I'd highly recommend putting all this into some configuration 
system (Ansible, Puppet, CFEngine, etc.).
Updating the package / port will overwrite your local changes!

Have fun & good luck

On Tue, 17 Oct 2017, Alex V. Petrov wrote:

> Need a working sample for the new version of the port for pf.
>
> -----
> Alex.
> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
>
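
The ban/unban scripts from the message above, extended with the input check, tcpdrop and logging that the poster mentions but does not show, as an added example (not the poster's scripts and not the port's action file). It assumes the pf table is named <badhosts> as in the pf.conf rule above, that pfctl is /sbin/pfctl, and that FreeBSD's tcpdrop(8) with `-l -a` prints one `tcpdrop laddr lport faddr fport` line per connection (an assumption; check your tcpdrop(8) before relying on the session teardown):

```shell
#!/bin/sh
# Added example, not the poster's scripts: one helper that handles both
# ban and unban for the pf action above. Install as /usr/local/bin/pf-ban
# and point the action at it:
#   actionban   = /usr/local/bin/pf-ban ban <ip>
#   actionunban = /usr/local/bin/pf-ban unban <ip>
# Assumptions: table <badhosts>, pfctl at /sbin/pfctl, and tcpdrop(8)
# whose "-l -a" output is "tcpdrop laddr lport faddr fport" per connection.

TABLE="${TABLE:-badhosts}"
PFCTL="${PFCTL:-/sbin/pfctl}"
TCPDROP="${TCPDROP:-/usr/sbin/tcpdrop}"

# valid_ip ADDR: accept a plain IPv4 address (four octets, each 0-255) or a
# plain IPv6 address (hex digits and colons only), nothing else. fail2ban
# fills <ip> from a regex match on attacker-influenced log text, so this is
# the last check before the value becomes a pfctl argument.
valid_ip() {
    addr="$1"
    case "$addr" in
        ''|-*|*[!0-9a-fA-F:.]*) return 1 ;;
    esac
    case "$addr" in
        *:*)
            # IPv6: reject mixed notation (::ffff:1.2.3.4) and oversize input
            case "$addr" in *.*) return 1 ;; esac
            [ ${#addr} -le 39 ]
            ;;
        *)
            # IPv4: exactly four numeric octets, each in range
            oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
            [ $# -eq 4 ] || return 1
            for o in "$@"; do
                case "$o" in ''|*[!0-9]*) return 1 ;; esac
                [ "$o" -le 255 ] || return 1
            done
            ;;
    esac
}

# pf_cmd add|del ADDR: print the pfctl command line that would be run,
# or fail without printing anything if ADDR does not pass valid_ip.
pf_cmd() {
    case "$1" in add|del) ;; *) return 2 ;; esac
    valid_ip "$2" || return 1
    printf '%s -t %s -T %s %s\n' "$PFCTL" "$TABLE" "$1" "$2"
}

# drop_sessions ADDR: tear down established TCP connections from ADDR so
# the attacker's current sessions die together with the table entry
# (depends on the tcpdrop -l output format assumed in the header).
drop_sessions() {
    "$TCPDROP" -l -a 2>/dev/null | while read -r _word laddr lport faddr fport; do
        if [ "$faddr" = "$1" ]; then
            "$TCPDROP" "$laddr" "$lport" "$faddr" "$fport"
        fi
    done
}

# ban|unban ADDR: validate, update the table, log under a tag of our own
ban() {
    cmd=$(pf_cmd add "$1") || { logger -t fail2ban-pf "rejected ban argument: $1"; return 1; }
    $cmd && logger -t fail2ban-pf "banned $1" && drop_sessions "$1"
}
unban() {
    cmd=$(pf_cmd del "$1") || { logger -t fail2ban-pf "rejected unban argument: $1"; return 1; }
    $cmd && logger -t fail2ban-pf "unbanned $1"
}

# Dispatch only when invoked with arguments, so the file can also be sourced.
case "${1:-}" in
    ban)   ban "$2" ;;
    unban) unban "$2" ;;
esac
```

Because `$cmd` is expanded unquoted, the whole thing relies on valid_ip having already ruled out whitespace and shell metacharacters in the address; that is deliberate, the validation is the control, and the dry-run-able `pf_cmd` lets you see exactly which pfctl line a given fail2ban match would produce.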




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?nycvar.OFS.7.76.1710171440310.1189>