Hello,
I just installed security/py-fail2ban using
I now want to create some default setting so I
When renaming jail.conf to jail.local, do I loose everything that I haven't copied across from jail.conf?
Also when restarting the fail2ban service fail2ban clears the chain for the filter and parses the current log for matches, not the rotated logs. So you don't ban any IPs that were banned before logrotate rotated the old log.
will adding the following solve this problem?
/actions.d/pf.local
Thank you
I just installed security/py-fail2ban using
pkg install py27-fail2ban
. I then created /usr/local/etc/fail2ban/jail.d/ssh-pf.local with the following:
Code:
[ssh-pf]
enabled = true
filter = bsd-sshd
action = pf
# sendmail-whois[name=SSH, dest=root@localhost, sender=noreply@localhost]
logpath = /var/log/auth.log
bantime = 5400
findtime = 600
maxretry = 3
I now want to create some default setting so I
vi /usr/local/etc/fail2ban/jail.local
with the following setting:
Code:
[DEFAULT]
backend = auto
bantime = 5400
findtime = 600
maxretry = 5
destemail = webmaster@me.com
ignoreip = 127.0.0.1/8 213.146.159.xxx
logtargets = /var/log/fail2ban.log
Also when restarting the fail2ban service fail2ban clears the chain for the filter and parses the current log for matches, not the rotated logs. So you don't ban any IPs that were banned before logrotate rotated the old log.
will adding the following solve this problem?
/actions.d/pf.local
Code:
actionban = /sbin/pfctl -t fail2ban -T add <ip>/32 && /sbin/pfctl -k <ip> echo <ip> >> /etc/pf-files/fail2ban.pftable
Code:
table <fail2ban> counters file "/etc/pf-files/fail2ban.pftable"
Thank you
Last edited by a moderator: