In the old version I did so.
17.10.2017 19:47, Tommy Scheunemann wrote:
> Hi,
>
> a simple setup that does the job for me:
>
> In /etc/pf.conf (bge0 is my external interface)
>
> --- SNIP ---
> int_ext="bge0"
> ...
> table <badhosts>
> ...
> block in quick on $int_ext from <badhosts> to any
> ...
> --- SNIP ---
>
> And in ${PREFIX}/fail2ban/action.d defining a new "pf" action, e.g. pf.conf
>
> --- SNIP ---
> [Definition]
> actionban = /usr/local/bin/drop_ban <ip>
> actionunban = /usr/local/bin/drop_unban <ip>
> actioncheck =
> actionstart =
> actionstop =
>
> [Init]
> --- SNIP ---
>
> And the "drop_ban" and "drop_unban" scripts:
>
> for ban:
>
> --- SNIP ---
> #!/bin/sh
> IP=$1
> /sbin/pfctl -t badhosts -T add "$IP"
> --- SNIP ---
>
> for unban
>
> --- SNIP ---
> #!/bin/sh
> IP=$1
> /sbin/pfctl -t badhosts -T del "$IP"
> --- SNIP ---
>
> I'm using scripts instead of directly using actionban / actionunban to
> do some additional things like running a tcpdrop, having some better
> logging.
>
> Once done with all this, you can use "action = pf" in your jail.conf file.
>
> Apart from this I'd highly recommend to put all this into some configuration
> system (Ansible, Puppet, Cfengine etc.).
> Updating the package / port will overwrite your local changes!
>
> Have fun & good luck
>
> On Tue, 17 Oct 2017, Alex V. Petrov wrote:
>
>> Need a working sample for the new version of the port for pf.
>>
>> -----
>> Alex.
>> _______________________________________________
>> freebsd-ports@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
>> To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
>>
>
>

--
-----
Alex.
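A fuller version of the quoted "drop_ban" wrapper, as an added example that is not part of the original thread: it checks that its argument is an IP address before passing it to pfctl, clears existing pf state for that host, and logs the result. The function names, the PFCTL and TABLE variables, the logger tag, and the use of `pfctl -k` in place of the tcpdrop step mentioned in the message are assumptions of this example.

```sh
#!/bin/sh
# Added example: drop_ban wrapper for the fail2ban "pf" action quoted above.
PFCTL="${PFCTL:-/sbin/pfctl}"   # overridable for dry runs (assumption)
TABLE="${TABLE:-badhosts}"      # table name used in the quoted pf.conf

log() {
    # Send to syslog; fall back to stderr when logger is unavailable.
    logger -t drop_ban -p auth.notice "$1" 2>/dev/null || echo "drop_ban: $1" >&2
}

is_ipv4() {
    # Exactly four dot-separated decimal octets, each 0-255.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_ipv6() {
    # Character-set and length check only; pfctl does the final parsing.
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;
        *:*:*) [ "${#1}" -le 39 ] ;;
        *) return 1 ;;
    esac
}

ban_ip() {
    ip=$1
    if ! is_ipv4 "$ip" && ! is_ipv6 "$ip"; then
        log "rejected argument that is not an IP address"
        return 2
    fi
    "$PFCTL" -t "$TABLE" -T add "$ip" || return 1
    # Kill pf state entries from this host so the block rule also applies
    # to connections that were already established.
    "$PFCTL" -k "$ip" || true
    log "banned $ip in table $TABLE"
}

# Run only when an argument is given, as fail2ban does via actionban.
[ "$#" -eq 0 ] || ban_ip "$1"
```
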