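======================================================
FreeBSD fail2ban
------------------------------------------------------

======================================================
Setup IPFW
------------------------------------------------------
https://www.genunix.com/o1/freebsd_ipfw.txt

======================================================
install fail2ban
------------------------------------------------------
pkg install py39-fail2ban

======================================================
/usr/local/etc/fail2ban/fail2ban.local
------------------------------------------------------
[DEFAULT]
# Turns off fail2ban's IPv6 support.
# NOTE(review): confirm this host has no IPv6-reachable services before relying on it.
allowipv6 = no

======================================================
/usr/local/etc/fail2ban/filter.d/wordpress.conf
------------------------------------------------------
[Definition]
# Every failregex needs the <HOST> tag so fail2ban knows which address to ban;
# without it the filter cannot be loaded. One pattern per line, continuation
# lines indented.
# These patterns match every POST to wp-login.php / xmlrpc.php, whatever the
# response status, so successful logins count towards maxretry as well.
failregex = ^<HOST> .* "POST .*wp-login.php
            ^<HOST> .* "POST .*xmlrpc.php
ignoreregex =

======================================================
/usr/local/etc/fail2ban/jail.local
------------------------------------------------------
[INCLUDES]
# Load the FreeBSD log-path defaults before this file.
before = paths-freebsd.conf

[DEFAULT]
# Ban through ipfw in every jail.
action = bsd-ipfw
banaction = bsd-ipfw
# Sources that are never banned: loopback, two private ranges and one fixed
# address (123.123.123.123 looks like a placeholder; use your own admin address).
ignoreip = 127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 123.123.123.123/32
# Seconds. 1234567 s is about 14 days, 123456 s is about 34 hours.
bantime = 1234567
findtime = 123456
# A source is banned on its second match within findtime.
maxretry = 2

[sshd]
enabled = true

# Several log files for one jail go on separate, indented continuation lines.
[apache-auth]
enabled = true
logpath = /var/log/httpd-error.log
          /more/sites/*/logs/*-error.log

[apache-badbots]
enabled = true
logpath = /var/log/httpd-error.log
          /more/sites/*/logs/*-error.log

[apache-overflows]
enabled = true
logpath = /var/log/httpd-error.log
          /more/sites/*/logs/*-error.log

[wordpress]
# Uses filter.d/wordpress.conf (the filter name defaults to the jail name).
# A jail-level ignoreip replaces the [DEFAULT] list for this jail, it does not
# extend it.
# NOTE(review): loopback, the private ranges and 123.123.123.123 are therefore
# not exempt here; confirm that is intended.
ignoreip = 99.100.101.102 72.37.74.75
enabled = true
logpath = /var/log/httpd-access.log
          /more/sites/*/logs/*-access.log

[named-refused]
enabled = true
logpath = /var/log/messages

[sendmail-auth]
enabled = true

[sendmail-reject]
enabled = true

[dovecot]
enabled = true

[roundcube-auth]
enabled = true
logpath = /usr/local/www/roundcube/logs/errors.log

[openvpn]
enabled = true
logpath = /var/log/messages
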
======================================================
/etc/rc.conf
------------------------------------------------------
# Start fail2ban at boot.
fail2ban_enable="YES"

======================================================
commands to learn and create useful scripts
------------------------------------------------------
# Inspect the ipfw tables: contents, summary, then full detail.
ipfw table all list
ipfw table all info
ipfw table all detail

# With no arguments fail2ban-client prints its usage.
fail2ban-client
# List the running jails, then show one jail including its banned addresses.
fail2ban-client status
fail2ban-client status sshd
# Ban one address by hand in the sshd jail, then lift bans for a whole /24.
# NOTE(review): confirm the installed fail2ban version accepts CIDR ranges for unbanip.
fail2ban-client set sshd banip 222.222.222.222
fail2ban-client set sshd unbanip 222.222.222.0/24