Installing Fail2ban + IPFW on FreeBSD 12.2
This document is adapted from: https://phrye.com/tools/fail2ban-on-freebsd/
A specific reminder when installing fail2ban: do not edit the .conf files directly; create the corresponding .local files instead.
I. IPFW settings
1. Set the IPFW rules
Create /usr/local/ipfw.rules with the following content:
#!/bin/sh
# Initial setting: load the stock "open" rule set from rc.firewall first
/bin/sh /etc/rc.firewall open
# fail2ban IPs: table 1 holds the addresses fail2ban bans
if ! ipfw table 1 info > /dev/null 2>&1; then
    ipfw table 1 create
    ipfw table 1 flush
fi
# Rule 1 sorts before everything rc.firewall added, so banned sources are dropped first
ipfw add 1 deny ip from "table(1)" to me
2. Start IPFW at boot
Edit /etc/rc.conf and add the following:
firewall_enable="YES"
firewall_type="open"
# must point at the rules file created above
firewall_script="/usr/local/ipfw.rules"
II. Fail2ban settings
1. Installation
cd /usr/ports/security/py-fail2ban
make install clean
2. Configuration
1) Start at boot
sysrc fail2ban_enable="YES"
2) Create /usr/local/etc/fail2ban/action.d/ipfw-table.local with the following content
# Fail2Ban configuration file
#
# Author: Nick Munger
# Modified by: Cyril Jaquier
# Modified by: Kevin Lyda
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ipfw table 1 add <ip>
actionunban = ipfw table 1 delete <ip>
3) Create /usr/local/etc/fail2ban/jail.d/ssh_ipfw.local with the following content
[DEFAULT]
ignoreip = 127.0.0.1/8
# JAILS
[sshd]
enabled = true
mode = aggressive
action = ipfw-table[name=SSH,port=ssh,protocol=tcp]
logpath = /var/log/auth.log
findtime = 600
maxretry = 3
bantime = 3600
III. Restart IPFW and Fail2ban and check whether it takes effect
service ipfw restart
service fail2ban restart
Adding other jails here is just as easy. For example, to add dovecot_ipfw.local, only slightly modify the ssh one:
[DEFAULT]
# IP addresses that are never counted
# (comments go on their own lines: a trailing # is not stripped from the value)
ignoreip = 127.0.0.1/8
# JAILS
[dovecot]
enabled = true
mode = aggressive
# Use ipfw-table directly; only "name", "port" and "protocol" need to be changed to dovecot's
action = ipfw-table[name=dovecot,port=dovecot,protocol=tcp]
# Change to dovecot's log file
logpath = /var/log/maillog
findtime = 600
maxretry = 3
bantime = 3600
Nothing else needs to change.
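As an added example (not part of the original post or of fail2ban), the script below dry-runs what the [sshd] jail above does with its findtime/maxretry/bantime values and the ipfw-table action: it counts failures per source IP over a sliding findtime window and emits the ipfw table 1 add/delete commands instead of executing them. The auth.log lines are constructed, the year 2021 is assumed for the syslog timestamps, and only the "Failed password" pattern is matched (fail2ban's real sshd filter, especially in aggressive mode, matches many more).

```python
"""Dry-run of the [sshd] jail configured above with the ipfw-table action.
Added example: emits the ipfw commands fail2ban would run; nothing is executed."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed FreeBSD-style /var/log/auth.log lines (syslog timestamps carry no year).
AUTH_LOG = """\
Mar  3 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:00 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 10:02:30 host sshd[1003]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 10:03:00 host sshd[1004]: Failed password for root from 198.51.100.9 port 40000 ssh2
Mar  3 10:20:00 host sshd[1005]: Failed password for root from 198.51.100.9 port 40001 ssh2
Mar  3 10:40:00 host sshd[1006]: Failed password for root from 198.51.100.9 port 40002 ssh2
Mar  3 10:50:00 host sshd[1007]: Accepted publickey for alice from 192.0.2.1 port 2222 ssh2
Mar  3 11:05:00 host sshd[1008]: Failed password for root from 198.51.100.9 port 40003 ssh2
"""
# Simplified stand-in for the sshd filter: only "Failed password" lines count.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\d+\.\d+\.\d+\.\d+) port")

def simulate(log, findtime=600, maxretry=3, bantime=3600, table=1):
    """Return the actionban/actionunban commands in the order they would run."""
    fails = defaultdict(deque)  # ip -> timestamps of failures inside the findtime window
    banned = {}                 # ip -> time at which its ban expires
    cmds = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # year assumed (2021): syslog lines omit it
        t = datetime.strptime("2021 " + m.group(1), "%Y %b %d %H:%M:%S").timestamp()
        ip = m.group(2)
        # bantime elapsed: fail2ban runs actionunban, removing the IP from table 1
        for expired in [i for i, exp in banned.items() if exp <= t]:
            cmds.append(f"ipfw table {table} delete {expired}")
            del banned[expired]
        if ip in banned:
            continue  # rule 1 already drops this source; nothing new to count
        window = fails[ip]
        window.append(t)
        while t - window[0] > findtime:  # discard failures older than findtime
            window.popleft()
        if len(window) >= maxretry:  # maxretry failures inside findtime: actionban
            cmds.append(f"ipfw table {table} add {ip}")
            banned[ip] = t + bantime
            window.clear()
    return cmds

if __name__ == "__main__":
    print("\n".join(simulate(AUTH_LOG)))
```

With the jail's defaults, 198.51.100.9 is never banned because its three failures are spread over more than findtime seconds; raising findtime to 3600 bans it too, which is the trade-off the three parameters encode.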