Date: Tue, 17 Oct 2017 13:25:01 -0600 From: "Janky Jay, III" <jankyj@unfs.us> To: freebsd-ports@freebsd.org Subject: Re: FreeBSD Port: py27-fail2ban-0.10.1 Message-ID: <d177b41a-805c-efcc-f556-6de424646c33@unfs.us> In-Reply-To: <97b76bba-47ca-9872-4f07-b6dc166c1e82@gmail.com> References: <49fbc280-f598-6734-0bdb-dfd24de4fa56@gmail.com> <nycvar.OFS.7.76.1710171440310.1189@ybpnyubfg.zl.qbznva> <8aa48ea4-4740-539f-6bbe-0b95dba59b5c@gmail.com> <07e73217-1b6c-07c6-562c-e1b0bf49cee4@unfs.us> <97b76bba-47ca-9872-4f07-b6dc166c1e82@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--nAdokJc2IuPOChtiH6McgHGlkp641HLTw
Content-Type: multipart/mixed; boundary="l8PK8muLMl8tVTE9rBWgkASXxP5LjA45t";
protected-headers="v1"
From: "Janky Jay, III" <jankyj@unfs.us>
To: freebsd-ports@freebsd.org
Message-ID: <d177b41a-805c-efcc-f556-6de424646c33@unfs.us>
Subject: Re: FreeBSD Port: py27-fail2ban-0.10.1
References: <49fbc280-f598-6734-0bdb-dfd24de4fa56@gmail.com>
<nycvar.OFS.7.76.1710171440310.1189@ybpnyubfg.zl.qbznva>
<8aa48ea4-4740-539f-6bbe-0b95dba59b5c@gmail.com>
<07e73217-1b6c-07c6-562c-e1b0bf49cee4@unfs.us>
<97b76bba-47ca-9872-4f07-b6dc166c1e82@gmail.com>
In-Reply-To: <97b76bba-47ca-9872-4f07-b6dc166c1e82@gmail.com>
--l8PK8muLMl8tVTE9rBWgkASXxP5LjA45t
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Hi Alex,
On 10/17/2017 10:35 AM, Alex V. Petrov wrote:
> What should be in pf.conf?
>=20
Something as simple has the below should work (edit to however you see
fit):
# define macros for each network interface
ext_if =3D "em0"
icmp_types =3D "echoreq"
allproto =3D "{ tcp, udp, ipv6, icmp, esp, ipencap }"
privnets =3D "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"=
set loginterface $ext_if
scrub in on $ext_if no-df random-id
>=20
> 17.10.2017 23:15, Janky Jay, III =D0=BF=D0=B8=D1=88=D0=B5=D1=82:
>> In the new 0.10 version, the action rule creates the tables for you
>> based on the jail configuration. If you look at the jail files, you'll=
>> see that you now call pfctl using additional arguments such as ports
>> that are affected and a suffix to add to the default "f2b-" table name=
=2E
>>
>> So, essentially, there is no reason to create tables in the
>> pf.conf/pf.rules file anymore. They are automatically created when a
>> fail2ban filter is triggered and the IP is then added to it.
>=20
--l8PK8muLMl8tVTE9rBWgkASXxP5LjA45t--
--nAdokJc2IuPOChtiH6McgHGlkp641HLTw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlnmWQ0ACgkQGK3MsUbJZn4JdwCeJyGx/HXG6Ge/96OanZAY1OUQ
o9EAni3Mj945xE+dUrkH+czhaxu+Muld
=Auz/
-----END PGP SIGNATURE-----
--nAdokJc2IuPOChtiH6McgHGlkp641HLTw--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d177b41a-805c-efcc-f556-6de424646c33>