From 51fd8fac27725c4d44e89a8e74a4dd7b005d05dd Mon Sep 17 00:00:00 2001 From: Cyril Jaquier Date: Thu, 19 Oct 2006 20:15:24 +0000 Subject: [PATCH] - Added ipfw action script and example. Thanks to Nick Munger git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@421 a942ae1a-1317-0410-a47c-b1dcaea8d605 --- CHANGELOG | 3 +- MANIFEST | 1 + config/action.d/ipfw.conf | 66 +++++++++++++++++++++++++++++++++++++++ config/jail.conf | 12 +++++++ 4 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 config/action.d/ipfw.conf diff --git a/CHANGELOG b/CHANGELOG index 10a20fb8d..58c282bca 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -15,7 +15,8 @@ ver. 0.7.4 (2006/??/??) - beta - Added "-s" option to specify the socket path and "socket" option in "fail2ban.conf" - Added "backend" option in "jail.conf" -- Added more filters/actions and jail samples +- Added more filters/actions and jail samples. Thanks to Nick + Munger - Improved testing framework ver. 0.7.3 (2006/09/28) - beta diff --git a/MANIFEST b/MANIFEST index 4fb365930..b5ee598df 100644 --- a/MANIFEST +++ b/MANIFEST @@ -60,6 +60,7 @@ config/filter.d/sshd.conf config/filter.d/proftpd.conf config/filter.d/sasl.conf config/action.d/iptables.conf +config/action.d/ipfw.conf config/action.d/mail-whois.conf config/action.d/mail.conf config/action.d/hostsdeny.conf diff --git a/config/action.d/ipfw.conf b/config/action.d/ipfw.conf new file mode 100644 index 000000000..2f4de5a51 --- /dev/null +++ b/config/action.d/ipfw.conf 
@@ -0,0 +1,66 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger
+# Modified by: Cyril Jaquier
+#
+# $Revision: 254 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Values: CMD
+#
+actioncheck =
+
+
+# Option: fwban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: IP address
+# number of failures
+# unix timestamp of the last failure
+# unix timestamp of the ban time
+# Values: CMD
+#
+actionban = ipfw add deny tcp from to
+
+
+# Option: fwunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: IP address
+# unix timestamp of the ban time
+# unix timestamp of the unban time
+# Values: CMD
+#
+actionunban = ipfw delete `ipfw list | grep -i | awk '{print $1;}'`
+
+[Init]
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ]
+#
+port = ssh
+
+# Option: localhost
+# Notes.: the local IP address of the network interface
+# Values: IP
+#
+localhost = 127.0.0.1
diff --git a/config/jail.conf b/config/jail.conf
index 3716d7838..d915de8c1 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -121,3 +121,15 @@ filter = apache-noscript
 action = shorewall
 mail[name=Postfix, dest=yourmail@mail.com]
 logpath = /var/log/apache2/error_log
+
+# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
+# option is overridden in this jail.
+
+[ssh-ipfw]
+
+enabled = false
+filter = sshd
+action = ipfw[localhost=192.168.0.1]
+ mail-whois[name=SSH, dest=yourmail@mail.com]
+logpath = /var/log/auth.log
+ignoreip = 168.192.0.1
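Review bot: The `actionunban` command picks the rules to delete with an unanchored, case-insensitive regex `grep` on the banned address, so each dot matches any character and the address also matches as a substring of longer ones. With constructed addresses, unbanning 10.0.0.1 would also select the rule for 10.0.0.10 or 110.0.0.1, plus any unrelated rule in `ipfw list` that mentions the address, and `ipfw delete` removes every number that comes back; when nothing matches, `ipfw delete` runs with no argument. Match the exact rule `actionban` creates instead, e.g. `grep -F 'deny tcp from <ip> to '` (the tag looks stripped from this page and is presumably fail2ban's `<ip>`; this assumes `ipfw list` prints the rule as it was added). The `[Init]` default `localhost = 127.0.0.1` also deserves a comment such as `# Must be overridden per jail with the address the service listens on`, since a deny rule towards loopback presumably never matches remote traffic.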
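Review bot: `ignoreip = 168.192.0.1` in `[ssh-ipfw]` looks like a transposition of the `192.168.0.1` passed as `localhost` on the `action` line. As written it exempts an unrelated public address from banning while the local address stays bannable, which is presumably the opposite of the intent. If the local host was meant, use `ignoreip = 192.168.0.1`; the comment above the jail could also say why the override is there, e.g. `# "ignoreip" is overridden so the local address is never banned`.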