Re: FreeBSD Port: py27-fail2ban-0.10.1
Yes, it works! That's what you need. Thank you all.

18.10.2017 13:02, Matthias Fechner wrote:
> Hi Alex,
>
> On 17.10.17 at 14:20, Alex V. Petrov wrote:
>> Need a working sample for the new version of the port for pf.
>
> I have it working now.
> Put into your pf.conf, where the rules from fail2ban should be added, the line:
> # Anchor for fail2ban
> anchor "f2b/*"
>
> In your jail.local:
> [DEFAULT]
> banaction = pf[actiontype=]
>
> The rest you can keep on standard. Just add and enable your jails into
> fail2ban; that should run.
> This configuration will block all connections from the IP. If you want
> to only block specific ports you can use another actiontype, but there
> is another bug that will cause this not to work in 0.10.1.
>
>
> Regards,
> Matthias
>

--
- Alex.

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: FreeBSD Port: py27-fail2ban-0.10.1
Hi Alex,

On 17.10.17 at 14:20, Alex V. Petrov wrote:
> Need a working sample for the new version of the port for pf.

I have it working now.
Put into your pf.conf, where the rules from fail2ban should be added, the line:
# Anchor for fail2ban
anchor "f2b/*"

In your jail.local:
[DEFAULT]
banaction = pf[actiontype=]

The rest you can keep on standard. Just add and enable your jails into
fail2ban; that should run.
This configuration will block all connections from the IP. If you want
to only block specific ports you can use another actiontype, but there
is another bug that will cause this not to work in 0.10.1.

Regards,
Matthias

--
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook
Re: FreeBSD Port: py27-fail2ban-0.10.1
Hi Alex,

On 10/17/2017 10:35 AM, Alex V. Petrov wrote:
> What should be in pf.conf?
>

Something as simple as the below should work (edit to however you see fit):

# define macros for each network interface
ext_if = "em0"
icmp_types = "echoreq"
allproto = "{ tcp, udp, ipv6, icmp, esp, ipencap }"
privnets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

set loginterface $ext_if
scrub in on $ext_if no-df random-id

>
> 17.10.2017 23:15, Janky Jay, III wrote:
>> In the new 0.10 version, the action rule creates the tables for you
>> based on the jail configuration. If you look at the jail files, you'll
>> see that you now call pfctl using additional arguments such as ports
>> that are affected and a suffix to add to the default "f2b-" table name.
>>
>> So, essentially, there is no reason to create tables in the
>> pf.conf/pf.rules file anymore. They are automatically created when a
>> fail2ban filter is triggered and the IP is then added to it.
>
Re: FreeBSD Port: py27-fail2ban-0.10.1
What should be in pf.conf?

17.10.2017 23:15, Janky Jay, III wrote:
> In the new 0.10 version, the action rule creates the tables for you
> based on the jail configuration. If you look at the jail files, you'll
> see that you now call pfctl using additional arguments such as ports
> that are affected and a suffix to add to the default "f2b-" table name.
>
> So, essentially, there is no reason to create tables in the
> pf.conf/pf.rules file anymore. They are automatically created when a
> fail2ban filter is triggered and the IP is then added to it.

--
- Alex.
Re: FreeBSD Port: py27-fail2ban-0.10.1
Hello,

In the new 0.10 version, the action rule creates the tables for you
based on the jail configuration. If you look at the jail files, you'll
see that you now call pfctl using additional arguments such as ports
that are affected and a suffix to add to the default "f2b-" table name.

So, essentially, there is no reason to create tables in the
pf.conf/pf.rules file anymore. They are automatically created when a
fail2ban filter is triggered and the IP is then added to it.

On 10/17/2017 07:16 AM, Alex V. Petrov wrote:
> In the old version I did so.
>
>
> 17.10.2017 19:47, Tommy Scheunemann wrote:
>> Hi,
>>
>> a simple setup that does the job for me:
>>
>> In /etc/pf.conf (bge0 is my external interface)
>>
>> --- SNIP ---
>> int_ext="bge0"
>> ...
>> table <badhosts>
>> ...
>> block in quick on $int_ext from <badhosts> to any
>> ...
>> --- SNIP ---
>>
>> And in ${PREFIX}/fail2ban/action.d defining a new "pf" action, e.g. pf.conf
>>
>> --- SNIP ---
>> [Definition]
>> actionban = /usr/local/bin/drop_ban <ip>
>> actionunban = /usr/local/bin/drop_unban <ip>
>> actioncheck =
>> actionstart =
>> actionstop =
>>
>> [Init]
>> --- SNIP ---
>>
>> And the "drop_ban" and "drop_unban" scripts:
>>
>> for ban:
>>
>> --- SNIP ---
>> #!/bin/sh
>> IP=$1
>> /sbin/pfctl -t badhosts -T add $IP
>> --- SNIP ---
>>
>> for unban:
>>
>> --- SNIP ---
>> #!/bin/sh
>> IP=$1
>> /sbin/pfctl -t badhosts -T del $IP
>> --- SNIP ---
>>
>> I'm using scripts instead of directly using actionban / actionunban to
>> do some additional things like running a tcpdrop, having some better
>> logging.
>>
>> Once done with all this, you can use "action = pf" in your jail.conf file.
>>
>> Apart from this, I'd highly recommend putting all this into some configuration
>> system (Ansible, Puppet, Cfengine etc.).
>> Updating the package / port will overwrite your local changes!
>>
>> Have fun & good luck
>>
>> On Tue, 17 Oct 2017, Alex V. Petrov wrote:
>>
>>> Need a working sample for the new version of the port for pf.
>>>
>>> -
>>> Alex.
>>>
>>
>>
>
Re: FreeBSD Port: py27-fail2ban-0.10.1
In the old version I did so.

17.10.2017 19:47, Tommy Scheunemann wrote:
> Hi,
>
> a simple setup that does the job for me:
>
> In /etc/pf.conf (bge0 is my external interface)
>
> --- SNIP ---
> int_ext="bge0"
> ...
> table <badhosts>
> ...
> block in quick on $int_ext from <badhosts> to any
> ...
> --- SNIP ---
>
> And in ${PREFIX}/fail2ban/action.d defining a new "pf" action, e.g. pf.conf
>
> --- SNIP ---
> [Definition]
> actionban = /usr/local/bin/drop_ban <ip>
> actionunban = /usr/local/bin/drop_unban <ip>
> actioncheck =
> actionstart =
> actionstop =
>
> [Init]
> --- SNIP ---
>
> And the "drop_ban" and "drop_unban" scripts:
>
> for ban:
>
> --- SNIP ---
> #!/bin/sh
> IP=$1
> /sbin/pfctl -t badhosts -T add $IP
> --- SNIP ---
>
> for unban:
>
> --- SNIP ---
> #!/bin/sh
> IP=$1
> /sbin/pfctl -t badhosts -T del $IP
> --- SNIP ---
>
> I'm using scripts instead of directly using actionban / actionunban to
> do some additional things like running a tcpdrop, having some better
> logging.
>
> Once done with all this, you can use "action = pf" in your jail.conf file.
>
> Apart from this, I'd highly recommend putting all this into some configuration
> system (Ansible, Puppet, Cfengine etc.).
> Updating the package / port will overwrite your local changes!
>
> Have fun & good luck
>
> On Tue, 17 Oct 2017, Alex V. Petrov wrote:
>
>> Need a working sample for the new version of the port for pf.
>>
>> -
>> Alex.
>>
>
>

--
- Alex.
Re: FreeBSD Port: py27-fail2ban-0.10.1
Hi,

a simple setup that does the job for me:

In /etc/pf.conf (bge0 is my external interface)

--- SNIP ---
int_ext="bge0"
...
table <badhosts>
...
block in quick on $int_ext from <badhosts> to any
...
--- SNIP ---

And in ${PREFIX}/fail2ban/action.d defining a new "pf" action, e.g. pf.conf

--- SNIP ---
[Definition]
actionban = /usr/local/bin/drop_ban <ip>
actionunban = /usr/local/bin/drop_unban <ip>
actioncheck =
actionstart =
actionstop =

[Init]
--- SNIP ---

And the "drop_ban" and "drop_unban" scripts:

for ban:

--- SNIP ---
#!/bin/sh
IP=$1
/sbin/pfctl -t badhosts -T add $IP
--- SNIP ---

for unban:

--- SNIP ---
#!/bin/sh
IP=$1
/sbin/pfctl -t badhosts -T del $IP
--- SNIP ---

I'm using scripts instead of directly using actionban / actionunban to
do some additional things like running a tcpdrop, having some better
logging.

Once done with all this, you can use "action = pf" in your jail.conf file.

Apart from this, I'd highly recommend putting all this into some configuration
system (Ansible, Puppet, Cfengine etc.).
Updating the package / port will overwrite your local changes!

Have fun & good luck

On Tue, 17 Oct 2017, Alex V. Petrov wrote:

> Need a working sample for the new version of the port for pf.
>
> -
> Alex.
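Tommy's drop_ban / drop_unban scripts pass whatever fail2ban hands them straight to pfctl. The script below is an added example, not Tommy's script and not part of fail2ban or the FreeBSD port: it merges the two scripts into one "add|del" helper and refuses any argument that is not a bare IPv4 or IPv6 literal before calling pfctl, so a malformed or unexpected ban target cannot turn into a DNS lookup, an option, or a different table operation. It assumes the same "badhosts" table as the pf.conf above; the PFCTL and F2B_TABLE environment overrides are hypothetical additions (PFCTL lets a stub stand in for /sbin/pfctl when trying the checks on a machine without pf), and "-q" is pfctl's own quiet flag.

```shell
#!/bin/sh
# f2b_pf: add or remove an address in a pf table from a fail2ban action.
# Added example, not from the thread and not from fail2ban. Wire it up as
#   actionban   = /usr/local/bin/f2b_pf add <ip>
#   actionunban = /usr/local/bin/f2b_pf del <ip>
# PFCTL and F2B_TABLE are hypothetical overrides; defaults match the thread.
PFCTL="${PFCTL:-/sbin/pfctl}"
F2B_TABLE="${F2B_TABLE:-badhosts}"

# IPv4 dotted quad: exactly four decimal octets, each 1-3 digits and 0-255.
is_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# IPv6 literal, loosely: hex digits and colons only, 2-7 colons, no group
# longer than 4 digits. Enough to reject hostnames, options and table names;
# it is not a full RFC 4291 parser.
is_ipv6() {
    case "$1" in ''|*[!0-9a-fA-F:]*) return 1 ;; esac
    hex_only=$(printf '%s' "$1" | tr -d ':')
    colons=$(( ${#1} - ${#hex_only} ))
    [ "$colons" -ge 2 ] && [ "$colons" -le 7 ] || return 1
    old_ifs=$IFS; IFS=:
    set -- $1
    IFS=$old_ifs
    for g in "$@"; do
        case "$g" in ?????*) return 1 ;; esac
    done
    return 0
}

# Accept only bare address literals: a hostname would make pfctl resolve it,
# and a string starting with "-" could be read as an option.
is_ip_literal() {
    case "$1" in
        *:*) is_ipv6 "$1" ;;
        *)   is_ipv4 "$1" ;;
    esac
}

# $1 = add|del, $2 = address. Returns pfctl's exit status, or 2 when the
# input is rejected before pfctl is ever run.
pf_table_op() {
    op=$1; ip=$2
    case "$op" in
        add|del) ;;
        *) echo "f2b_pf: unknown operation '$op'" >&2; return 2 ;;
    esac
    if ! is_ip_literal "$ip"; then
        echo "f2b_pf: refusing non-literal address '$ip'" >&2
        return 2
    fi
    "$PFCTL" -q -t "$F2B_TABLE" -T "$op" "$ip"
}

# Script entry point: only act when fail2ban actually passes arguments.
if [ $# -gt 0 ]; then
    pf_table_op "$1" "$2"
    exit $?
fi
```

Because the address is passed to pfctl as a single quoted argument, the validation is about what pfctl is asked to do, not about shell quoting: the rejected cases are names that would be resolved, option-like strings, and anything that is not an address at all. The status code 2 lets fail2ban log a failed ban distinctly from a pfctl error.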
Re: FreeBSD Port: py27-fail2ban-0.10.1
On 17.10.2017 at 14:20, Alex V. Petrov wrote:
> Need a working sample for the new version of the port for pf.

Sorry, I'm not using pf and I'm not familiar with it. I'm even looking
for a small sample /etc/pf.conf, so I can start playing around with it
myself.

Have a look in the discussion on fail2ban, esp. issue 1915
https://github.com/fail2ban/fail2ban/issues/1915
It is still ongoing and if you are a pf user you can contribute.

Best regards
Christoph