Merge branch 'master' of git://github.com/fail2ban/fail2ban

* 'master' of git://github.com/fail2ban/fail2ban: add blocking type add example jail.conf for blocking through blackhole routes for ssh add support for blocking through blackhole routes
2013-02-18 23:12:06 -05:00 · 2013-02-18 23:12:06 -05:00 · a8bd9c20a0
parent 40c5a2d996 d5ae28facf
commit a8bd9c20a0
2 changed files with 36 additions and 0 deletions
--- a/config/action.d/route.conf
+++ b/config/action.d/route.conf
@ -0,0 +1,25 @@
+# Fail2Ban configuration file
+#
+# Author: Michael Gebetsroither
+#
+# This is for blocking whole hosts through blackhole routes.
+#
+# PRO:
+#   - Works on all kernel versions and as no compatibility problems (back to debian lenny and WAY further).
+#   - It's FAST for very large numbers of blocked ips.
+#   - It's FAST because it Blocks traffic before it enters common iptables chains used for filtering.
+#   - It's per host, ideal as action against ssh password bruteforcing to block further attack attempts.
+#   - No additional software required beside iproute/iproute2
+#
+# CON:
+#   - Blocking is per IP and NOT per service, but ideal as action against ssh password bruteforcing hosts
+
+[Definition]
+actionban   = ip route add <type> <ip>
+actionunban = ip route del <type> <ip>
+
+# Type of blocking
+#
+# Type can be blackhole, unreachable and prohibit. Unreachable and prohibit correspond to the ICMP reject messages.
+
+type = blackhole
--- a/config/jail.conf
+++ b/config/jail.conf
@ -101,6 +101,17 @@ action      = hostsdeny
 ignoreregex = for myuser from
 logpath     = /var/log/sshd.log

+# Here we use blackhole routes for not requiring any additional kernel support
+# to store large volumes of banned IPs
+
+[ssh-route]
+
+enabled = false
+filter = sshd
+action = route
+logpath = /var/log/sshd.log
+maxretry = 5
+
 # Here we use a combination of Netfilter/Iptables and IPsets
 # for storing large volumes of banned IPs
 #