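=======================================
FreeBSD fail2ban
---------------------------------------
How to do it
=======================================
Setup IPFW
---------------------------------------
https://www.genunix.com/o1/freebsd_ipfw.txt
=======================================
install fail2ban
---------------------------------------
pkg install py39-fail2ban
=======================================
/usr/local/etc/fail2ban/fail2ban.local
---------------------------------------
; Read by fail2ban-server on top of fail2ban.conf; a key set here
; overrides the same key there.
[DEFAULT]
; While this is "no", connections arriving over IPv6 are never banned by
; any jail below. Keep it only on a host without IPv6 connectivity.
allowipv6 = no
=======================================
/usr/local/etc/fail2ban/filter.d/apache-404.conf
---------------------------------------
[Definition]
; Any GET/POST that produced a 404 in an Apache access log.
; NOTE(review): the page showed this pattern without a <HOST> capture;
; fail2ban rejects a failregex that has none, and the tag was most
; likely stripped when the page was extracted. Restored at the usual
; position - confirm with fail2ban-regex (see "test a filter" below).
failregex = ^<HOST>.*"(GET|POST).*" 404 .*$
; The first alternative is keyed on the User-Agent, which the client
; chooses: any scanner that puts "bot", "crawler" or "spider" in its UA
; is exempt from this jail. Treat this as a noise filter, not a trust
; decision. The remaining alternatives are unanchored, so "\.js" also
; exempts ".json" requests and "index\.php" exempts every 404 whose
; log line mentions index.php anywhere.
ignoreregex = (?i).*"(GET|POST).*HTTP.*".*"(?:Googlebot|Bingbot|Yahoo! Slurp|DuckDuckBot|Baiduspider|YandexBot|bot|crawler|spider)" |.*robots\.txt|favicon\.ico|\.jpg|\.png|\.css|\.js|index\.html|index\.php
=======================================
/usr/local/etc/fail2ban/filter.d/wordpress.conf
---------------------------------------
[Definition]
; Counts every POST to wp-login.php or xmlrpc.php, successful logins
; included - an access log cannot tell a failed login from a good one.
; With the DEFAULT maxretry = 2 from jail.local, two legitimate logins
; inside findtime also ban the client; raise maxretry in the [wordpress]
; jail or exempt admin addresses there if that is not wanted.
; NOTE(review): the page showed each pattern as "^ .* ...", i.e. the
; <HOST> tag was stripped; restored here - verify with fail2ban-regex.
; One pattern per line; continuation lines must stay indented.
failregex = ^<HOST> .* "POST .*wp-login\.php
            ^<HOST> .* "POST .*xmlrpc\.php
ignoreregex =
=======================================
/usr/local/etc/fail2ban/filter.d/sendmail-mta.conf
---------------------------------------
[Definition]
; "Access denied" rejects logged by the inbound MTA.
; NOTE(review): the page showed "relay=\s*\]," which can never match a
; real relay= field and carries no <HOST>; the tag was evidently lost in
; extraction. The bracketed form below follows sendmail's
; "relay=name [a.b.c.d]" layout - confirm against /var/log/maillog with
; fail2ban-regex before enabling the jail.
failregex = ^.*sm-mta-in.*: .*relay=.*\[<HOST>\], reject=.*Access denied$
ignoreregex =
=======================================
/usr/local/etc/fail2ban/jail.local
---------------------------------------
; Read by fail2ban-server (configparser dialect): an indented line
; continues the previous value, which is how the multi-path logpath
; entries below work. Keep each path on its own indented line - on a
; single line fail2ban reads the last space-separated word of a logpath
; entry as its head/tail option, and the second glob is lost.
[INCLUDES]
before = paths-freebsd.conf

[DEFAULT]
; banaction alone is enough (jail.conf's default action expands to the
; banaction value); setting action directly is harmless but redundant.
action = bsd-ipfw
banaction = bsd-ipfw
; Never banned. 123.123.123.123/32 is a placeholder for the admin
; address - replace it.
ignoreip = 127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 123.123.123.123/32
; seconds; placeholder values (about 14 days / about 34 hours)
bantime = 1234567
findtime = 123456
; a host is banned on its 2nd match within findtime
maxretry = 2

[sshd]
enabled = true

[apache-auth]
enabled = true
logpath = /var/log/httpd-error.log
          /more/sites/*/logs/*-error.log

[apache-badbots]
enabled = true
; The stock apache-badbots filter matches the request line and
; User-Agent of an *access* log; pointed at the error log it never
; fires. Changed from httpd-error.log / *-error.log.
logpath = /var/log/httpd-access.log
          /more/sites/*/logs/*-access.log

[apache-overflows]
enabled = true
logpath = /var/log/httpd-error.log
          /more/sites/*/logs/*-error.log

[apache-404]
enabled = true
logpath = /var/log/httpd-access.log
          /more/sites/*/logs/*-access.log
; 9 matching 404s within 90 s; overrides the DEFAULT values above
findtime = 90
maxretry = 9

[wordpress]
; A jail-level ignoreip REPLACES the DEFAULT list rather than extending
; it, so the loopback, private and admin ranges are repeated here ahead
; of the two addresses the author exempts from this jail only.
ignoreip = 127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 123.123.123.123/32 99.100.101.102 72.37.74.75
enabled = true
logpath = /var/log/httpd-access.log
          /more/sites/*/logs/*-access.log

[named-refused]
enabled = true
logpath = /var/log/messages

[sendmail-mta]
enabled = true
logpath = /var/log/maillog
; 7 days / 1 day, in seconds
findtime = 604800
bantime = 86400

[sendmail-auth]
enabled = true

[sendmail-reject]
enabled = true

[dovecot]
enabled = true

[roundcube-auth]
enabled = true
logpath = /usr/local/www/roundcube/logs/errors.log

[openvpn]
enabled = true
logpath = /var/log/messages
=======================================
/etc/rc.conf
---------------------------------------
fail2ban_enable="YES"
=======================================
test a filter
---------------------------------------
# Prints matched and missed lines plus the host extracted from each hit;
# a failregex without <HOST> fails here before it fails in production.
fail2ban-regex /var/log/httpd-access.log /usr/local/etc/fail2ban/filter.d/apache-404.conf
=======================================
commands to learn and create useful scripts
---------------------------------------
# ipfw tables populated by the bsd-ipfw action
ipfw table all list
fail2ban-client
# dump the effective configuration - confirms the jail.local overrides
fail2ban-client -d
fail2ban-client status
fail2ban-client status sshd
# manual ban / unban (example addresses)
fail2ban-client set sshd banip 222.222.222.222
fail2ban-client set sshd unbanip 222.222.222.0/24
fail2ban-client reload
fail2ban-client restart
# persistent ban database; check the dbfile setting in fail2ban.conf if
# the package on this host stores it elsewhere
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3
=======================================
End
=======================================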