* iptables-multiport is default action to take since Debian kernel arrives

with multiport module. That is to address the fact that most services
  listen on multiple ports (for encrypted and non-encrypted connections)
* Added [courierauth] jail (First 2 items are to partially address #407404)
pull/3/head
Yaroslav Halchenko 2007-01-18 15:41:49 +00:00
parent 85d8604209
commit 7a1dd9e98c
2 changed files with 35 additions and 12 deletions

9
debian/changelog vendored

@ -1,3 +1,12 @@
fail2ban (0.7.6-2) unstable; urgency=low
* iptables-multiport is default action to take since Debian kernel arrives
with multiport module. That is to address the fact that most services
listen on multiple port (for encrypted and non-encrypted connections)
* Added [courierauth] jail (First 2 items are to partially address #407404
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 18 Jan 2007 10:35:36 -0500
fail2ban (0.7.6-1) unstable; urgency=low
* New upstream release, which incorporates fixes introduced in 3~pre

38
debian/jail.conf vendored

@ -41,7 +41,7 @@ destemail = root@localhost
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overriden globally or per
# section within jail.local file
banaction = iptables
banaction = iptables-multiport
#
@ -82,7 +82,7 @@ action = %(action_)s
[ssh]
enabled = true
port = ssh
port = ssh,sftp
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
@ -91,7 +91,7 @@ maxretry = 6
[ssh-ddos]
enabled = false
port = ssh
port = ssh,sftp
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 6
@ -103,15 +103,16 @@ maxretry = 6
[apache]
enabled = false
port = http
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*access.log
maxretry = 6
# default action is now multiport, so apache-multiport jail was left
# for compatibility with previous (<0.7.6-2) releases
[apache-multiport]
enabled = false
banaction = iptables-multiport
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*access.log
@ -120,7 +121,7 @@ maxretry = 6
[apache-noscript]
enabled = false
port = http
port = http,https
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6
@ -132,7 +133,7 @@ maxretry = 6
[vsftpd]
enabled = false
port = ftp
port = ftp,ftp-data,ftps,ftps-data
filter = vsftpd
logpath = /var/log/vsftpd.log
# or overwrite it in jails.local to be
@ -145,7 +146,7 @@ maxretry = 6
[proftpd]
enabled = false
port = ftp
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
@ -154,7 +155,7 @@ maxretry = 6
[wuftpd]
enabled = false
port = ftp
port = ftp,ftp-data,ftps,ftps-data
filter = wuftpd
logpath = /var/log/auth.log
maxretry = 6
@ -167,7 +168,7 @@ maxretry = 6
[postfix]
enabled = false
port = smtp
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
@ -175,14 +176,27 @@ logpath = /var/log/mail.log
[couriersmtp]
enabled = false
port = smtp
port = smtp,ssmtp
filter = couriersmtp
logpath = /var/log/mail.log
#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#
[courierauth]
enabled = false
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = courierauth
logpath = /var/log/mail.log
[sasl]
enabled = false
port = smtp
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = sasl
logpath = /var/log/mail.log
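Review bot: The port list given to the new [courierauth] jail and the widened [sasl] jail, `smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s`, leaves out the mail submission port, so a host banned for failed authentication could presumably keep guessing passwords on 587 wherever SMTP AUTH is offered there. I would add it to both jails, `port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s`, provided `submission` resolves in /etc/services on the target release. The comment above [courierauth] also names ftp among the services that share these authenticators, but neither list carries an ftp port; either add the ftp ports or drop ftp from the comment. Separately, in [ssh] and [ssh-ddos] the `sftp` service name is 115/tcp (Simple File Transfer Protocol), not the SSH file-transfer subsystem, which runs on the ssh port, so `port = ssh,sftp` adds no coverage; plain `port = ssh`, or a comment explaining the extra name, would avoid a false sense of protection.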