Hello.

As you know, many people are now using PF on their FreeBSD servers. I've made some changes to make it work with PF, and I think they are worth including in the port by default.

I'm including the configuration needed to use Fail2Ban with PF on FreeBSD.

Basically, you make a table in PF, and add to the table as the 'actionban' and remove the entry from the table as the 'actionunban'. Pretty simple.

You can easily see a list of banned addresses using:
sudo pfctl -t fail2ban -T show

Thanks for the port of this great utility!

- Chris

--
Chris Jones
CCNP, JNCIA-M
Senior Systems Manager
Pittsburg State University
E-mail: cjo...@pittstate.edu
Phone: 1.620.235.4158

--

"The production of too many useful things results in too
many useless people."
                                              -Karl Marx

FAIL2BAN EDITS FOR PF ON FREEBSD
Chris Jones - 2009.06.17
============================================================

./jail.conf:

# PF jail

[ssh-pf]

enabled = true
filter  = sshd
action  = pf
          sendmail-whois[name=SSH, dest=em...@domain.com]
logpath = /var/log/auth.log

============================================================

./action.d/pf.conf:

[Definition]

actionstart = 
actionstop = 
actioncheck = 
actionban = pfctl -t fail2ban -T add <ip>
# Delete the address directly. Looking it up with `pfctl -T show | grep <ip>`
# matches substrings, so unbanning 10.0.0.1 would also hand 10.0.0.10 and
# 10.0.0.100 to `-T delete`.
actionunban = pfctl -t fail2ban -T delete <ip>

[Init]

port = ssh
localhost = 127.0.0.1

============================================================

/etc/pf.conf:

table <fail2ban> persist
block in on $ext_if from <fail2ban>

============================================================

_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

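An added check, not part of Chris's post, for whether a given address is currently in the table. It works on a constructed stand-in for `pfctl -t fail2ban -T show` output (pfctl indents each address with three spaces), and shows why a plain `grep <ip>` over that output is not a safe way to pick the entry to delete: it also matches longer addresses that contain the one you asked for.

```shell
#!/bin/sh
# Constructed sample of `pfctl -t fail2ban -T show` output (not real data).
SAMPLE_SHOW='   10.0.0.1
   10.0.0.10
   203.0.113.7'

# What a substring grep over the table hands to `pfctl -T delete`:
# every line containing $1 anywhere, joined into one argument list.
# For 10.0.0.1 this yields "10.0.0.1 10.0.0.10".
substring_targets() {
    printf '%s\n' "$SAMPLE_SHOW" | grep -- "$1" \
        | sed 's/^[[:space:]]*//' | tr '\n' ' ' | sed 's/ $//'
}

# Exact membership test: strip pfctl's indentation, then match the whole
# line as a fixed string (-F -x), so 10.0.0.1 does not match 10.0.0.10.
# Exit status 0 if $1 is in the table, 1 otherwise.
# On a live FreeBSD box the kernel can answer this directly:
#   pfctl -t fail2ban -T test 10.0.0.1
is_banned() {
    printf '%s\n' "$SAMPLE_SHOW" | sed 's/^[[:space:]]*//' \
        | grep -Fqx -- "$1"
}
```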