# Fail2Ban configuration file # # Author: Nick Munger # Modified by: Andy Fragen and Daniel Black # # Mod for OS X, using random rulenum as OSX ipfw doesn't include tables # [Definition] # Option: actionstart # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # actionstart = # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # actionstop = # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # actioncheck = # Option: actionban # Notes.: command executed when banning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: IP address # Values: CMD # actionban = ipfw add set log from to # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: IP address # Values: CMD # actionunban = ipfw delete `ipfw -S list | grep -i 'set log from to ' | awk '{print $1;}'` [Init] # Option: port # Notes.: specifies port to block. Can be blank however may require block="ip" # Values: [ NUM | STRING ] # port = ssh # Option: dst # Notes.: the local IP address of the network interface # Values: IP, any, me or anything support by ipfw as a dst # dst = me # Option: block # Notes: This is how much to block. # Can be "ip", "tcp", "udp" or various other options. # Values: STRING block = tcp # Option: blocktype # Notes.: How to block the traffic. Use a action from man 8 ipfw # Common values: deny, unreach port, reset # Values: STRING # blocktype = unreach port # Option: set number # Notes.: The ipset number this is added to. # Values: 0-31 setnum = 10 # Option: number for ipfw rule # Notes: This is meant to be automaticly generated and not overwritten # Values: Random value between 10000 and 12000 rulenum="`echo $((RANDOM%%2000+10000))`" # Duplicate prevention mechanism #rulenum = "`a=$((RANDOM%%2000+10000)); while ipfw show | grep -q ^$a\ ; do a=$((RANDOM%%2000+10000)); done; echo $a`"