* iptables-multiport is default action to take since Debian kernel arrives

with multiport module. That is to address the fact that most services listen on multiple port (for encrypted and non-encrypted connections) * Added [courierauth] jail (First 2 items are to partially address #407404
2007-01-18 15:41:49 +00:00 · 2007-01-18 15:41:49 +00:00 · 7a1dd9e98c
parent 85d8604209
commit 7a1dd9e98c
2 changed files with 35 additions and 12 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,12 @@
+fail2ban (0.7.6-2) unstable; urgency=low
+
+  * iptables-multiport is default action to take since Debian kernel arrives
+    with multiport module. That is to address the fact that most services
+    listen on multiple port (for encrypted and non-encrypted connections)
+  * Added [courierauth] jail (First 2 items are to partially address #407404
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 18 Jan 2007 10:35:36 -0500
+
 fail2ban (0.7.6-1) unstable; urgency=low

  * New upstream release, which incorporates fixes introduced in 3~pre
--- a/debian/jail.conf
+++ b/debian/jail.conf
@ -41,7 +41,7 @@ destemail = root@localhost
 # iptables-multiport, shorewall, etc) It is used to define 
 # action_* variables. Can be overriden globally or per 
 # section within jail.local file
-banaction = iptables
+banaction = iptables-multiport


 #
@ -82,7 +82,7 @@ action = %(action_)s
 [ssh]

 enabled = true
-port	= ssh
+port	= ssh,sftp
 filter	= sshd
 logpath  = /var/log/auth.log
 maxretry = 6
@ -91,7 +91,7 @@ maxretry = 6
 [ssh-ddos]

 enabled = false
-port    = ssh
+port    = ssh,sftp
 filter  = sshd-ddos
 logpath  = /var/log/auth.log
 maxretry = 6
@ -103,15 +103,16 @@ maxretry = 6
 [apache]

 enabled = false
-port	= http
+port	= http,https
 filter	= apache-auth
 logpath = /var/log/apache*/*access.log
 maxretry = 6

+# default action is now multiport, so apache-multiport jail was left
+# for compatibility with previous (<0.7.6-2) releases
 [apache-multiport]

 enabled   = false
-banaction = iptables-multiport
 port	  = http,https
 filter	  = apache-auth
 logpath   = /var/log/apache*/*access.log
@ -120,7 +121,7 @@ maxretry  = 6
 [apache-noscript]

 enabled = false
-port    = http
+port    = http,https
 filter  = apache-noscript
 logpath = /var/log/apache*/*error.log
 maxretry = 6
@ -132,7 +133,7 @@ maxretry = 6
 [vsftpd]

 enabled  = false
-port	 = ftp
+port	 = ftp,ftp-data,ftps,ftps-data
 filter   = vsftpd
 logpath  = /var/log/vsftpd.log
 # or overwrite it in jails.local to be
@ -145,7 +146,7 @@ maxretry = 6
 [proftpd]

 enabled  = false
-port	 = ftp
+port	 = ftp,ftp-data,ftps,ftps-data
 filter   = proftpd
 logpath  = /var/log/proftpd/proftpd.log
 maxretry = 6
@ -154,7 +155,7 @@ maxretry = 6
 [wuftpd]

 enabled  = false
-port	 = ftp
+port	 = ftp,ftp-data,ftps,ftps-data
 filter   = wuftpd
 logpath  = /var/log/auth.log
 maxretry = 6
@ -167,7 +168,7 @@ maxretry = 6
 [postfix]

 enabled  = false
-port	 = smtp
+port	 = smtp,ssmtp
 filter   = postfix
 logpath  = /var/log/mail.log

@ -175,14 +176,27 @@ logpath  = /var/log/mail.log
 [couriersmtp]

 enabled  = false
-port	 = smtp
+port	 = smtp,ssmtp
 filter   = couriersmtp
 logpath  = /var/log/mail.log


+#
+# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
+# all relevant ports get banned
+#
+
+[courierauth]
+
+enabled  = false
+port	 = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
+filter   = courierauth
+logpath  = /var/log/mail.log
+
+
 [sasl]

 enabled  = false
-port	 = smtp
+port	 = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
 filter   = sasl
 logpath  = /var/log/mail.log