Date:      Wed, 17 Jun 2009 16:01:13 -0500
From:      Chris Jones <cjones@pittstate.edu>
To:        pgollucci@FreeBSD.org
Cc:        ports@FreeBSD.org
Subject:   FreeBSD Port: py25-fail2ban-0.8.3_1
Message-ID:  <4A395999.90203@pittstate.edu>


Hello.

As you know, many people are now using PF on their FreeBSD servers. I've 
made some changes to make it work with PF, and I think they are worth 
including in the port by default.

I'm including the configuration needed to use Fail2Ban with PF on FreeBSD.

Basically, you make a table in PF, add the address to the table as the 
'actionban', and remove the entry from the table as the 'actionunban'. 
Pretty simple.

You can easily see a list of banned addresses using:
sudo pfctl -t fail2ban -T show

Thanks for the port of this great utility!

- Chris

-- 
Chris Jones
CCNP, JNCIA-M
Senior Systems Manager
Pittsburg State University
E-mail: cjones@pittstate.edu
Phone: 1.620.235.4158

--

"The production of too many useful things results in too
many useless people."
                                               -Karl Marx

Attachment: fail2ban-pf-modifications.txt


FAIL2BAN EDITS FOR PF ON FREEBSD
Chris Jones - 2009.06.17
============================================================

./jail.conf:

# PF jail

[ssh-pf]

enabled = true
filter  = sshd
action  = pf
          sendmail-whois[name=SSH, dest=email@domain.com]
logpath = /var/log/auth.log

============================================================

./action.d/pf.conf:

[Definition]

actionstart = 
actionstop = 
actioncheck = 
actionban = pfctl -t fail2ban -T add <ip>
# pfctl takes the address directly; resolving it first with `grep <ip>` is
# unnecessary and, because '.' is a regex wildcard and grep matches substrings,
# would also hand pfctl unrelated entries such as 10.0.0.10 when unbanning 10.0.0.1.
actionunban = pfctl -t fail2ban -T delete <ip>

[Init]

port = ssh
localhost = 127.0.0.1

============================================================

/etc/pf.conf:

table <fail2ban> persist
block in on $ext_if from <fail2ban>

============================================================
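The action file above leaves actioncheck empty and relies on `pfctl -T show` listings when unbanning. The following is an added example, not part of Chris's attachment: a POSIX sh helper that tests for an address in a pf table listing with whole-entry matching, and a deliberately naive `grep <ip>` lookup beside it to show why a bare grep is not a safe check (10.0.0.1 also matches 10.0.0.10, since '.' is a regex wildcard and grep matches substrings). The table listing is a constructed sample; the helper names are mine.

```sh
#!/bin/sh
# Added example (not from the original mail). Exact-match lookup of an address
# in a pf table listing, usable as a fail2ban 'actioncheck' guard on FreeBSD.
# pfctl is not executed here; SAMPLE_TABLE is a constructed sample of
# `pfctl -t fail2ban -T show` output (pfctl indents each entry with spaces).

SAMPLE_TABLE='   10.0.0.1
   10.0.0.10
   192.0.2.100'

# table_has_ip LISTING IP -> exit status 0 iff IP is present as a whole entry.
# Leading whitespace is stripped, then grep -F (fixed string) -x (whole line)
# is used so that '.' is literal and 10.0.0.1 does not match 10.0.0.10.
table_has_ip() {
    printf '%s\n' "$1" | sed 's/^[[:space:]]*//' | grep -qFx "$2"
}

# naive_match_count LISTING IP -> number of entries a bare `grep <ip>` hits.
# This mirrors a pattern such as `... -T show | grep <ip>` and exists only to
# illustrate the over-match: more than one line means an unban would touch
# addresses other than the one intended.
naive_match_count() {
    printf '%s\n' "$1" | grep -c "$2"
}

# Live use (assumption: run on the pf host with pfctl available):
#   table_has_ip "$(pfctl -t fail2ban -T show 2>/dev/null)" 10.0.0.1
```

With the sample listing, `table_has_ip` reports 10.0.0.1 and 10.0.0.10 as present and 10.0.0.2 as absent, while `naive_match_count` for 10.0.0.1 returns 2.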

