From 5fd5a8112a4ec21c372574c472c2b6f334cda9b3 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier
Date: Wed, 8 Aug 2007 22:49:58 +0000
Subject: [PATCH] - Added named (bind9) example. Thanks to Yaroslav Halchenko

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@611 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/jail.conf | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/config/jail.conf b/config/jail.conf
index 8dbbfd13..d61e7b6f 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -165,3 +165,41 @@ action = ipfw[localhost=192.168.0.1]
 sendmail-whois[name="SSH,IPFW", dest=you@mail.com]
 logpath = /var/log/auth.log
 ignoreip = 168.192.0.1
+
+# These jails block attacks against named (bind9). By default, logging is off
+# with bind9 installation. You will need something like this:
+#
+# logging {
+# channel lame-servers_file {
+# file "/var/log/named/lame-servers.log" versions 3 size 30m;
+# severity dynamic;
+# print-time yes;
+# };
+# category lame-servers {
+# lame-servers_file;
+# };
+# }
+#
+# in your named.conf to provide proper logging.
+# This jail blocks UDP traffic for DNS requests.
+
+[named-refused-udp]
+
+enabled = false
+filter = named-refused
+action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
+ sendmail-whois[name=Named, dest=you@mail.com]
+logpath = /var/log/named/lame-servers.log
+ignoreip = 168.192.0.1
+
+# This jail blocks TCP traffic for DNS requests.
+
+[named-refused-tcp]
+
+enabled = false
+filter = named-refused
+action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
+ sendmail-whois[name=Named, dest=you@mail.com]
+logpath = /var/log/named/lame-servers.log
+ignoreip = 168.192.0.1
+
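Review bot: The `[named-refused-udp]` jail bans on the source address of UDP queries, which the sender can forge, so once enabled it lets a third party get an unrelated host (an upstream resolver, a monitoring box) firewalled off; it ships with `enabled = false`, but the section should carry a warning such as `# WARNING: UDP source addresses can be spoofed, so enabling this jail lets others trigger bans of hosts that never queried you; prefer the TCP jail.` Both new jails also copy `ignoreip = 168.192.0.1` from the context lines above, which looks like a transposition of the `192.168.0.1` used in `ipfw[localhost=...]`, so the address meant to be exempt probably is not, while an unrelated public address is. The sample `logging` block routes only the `lame-servers` category, whereas the filter is `named-refused`; if refused queries are logged under BIND's `security` category, as is usual, the configured `logpath` would never contain lines the filter can match, which is worth confirming against the filter's regex. The sample also closes with `# }` where named.conf expects `};`.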