ee /etc/rc.conf 开机启动项目 firewall_enable="YES" firewall_type="open" firewall_script="/usr/local/etc/ipfw.rules" 编辑规则 /usr/local/etc/ipfw.rule:

vi /usr/local/etc/ipfw.rules

Append following code:

IPF="ipfw -q add" ipfw -q -f flush

#loopback $IPF 10 allow all from any to any via lo0 $IPF 20 deny all from any to 127.0.0.0/8 $IPF 30 deny all from 127.0.0.0/8 to any $IPF 40 deny tcp from any to any frag

statefull

$IPF 50 check-state $IPF 60 allow tcp from any to any established $IPF 70 allow all from any to any out keep-state $IPF 80 allow icmp from any to any

open port ftp (20,21), ssh (22), mail (25)

http (80), dns (53) etc

$IPF 110 allow tcp from any to any 21 in $IPF 120 allow tcp from any to any 21 out $IPF 130 allow tcp from any to any 22 in $IPF 140 allow tcp from any to any 22 out $IPF 150 allow tcp from any to any 25 in $IPF 160 allow tcp from any to any 25 out $IPF 170 allow udp from any to any 53 in $IPF 175 allow tcp from any to any 53 in $IPF 180 allow udp from any to any 53 out $IPF 185 allow tcp from any to any 53 out $IPF 200 allow tcp from any to any 80 in $IPF 210 allow tcp from any to any 80 out

deny and log everything

$IPF 500 deny log all from any to any

Faile2ban相关设置

1、安装pkg install py38-fail2ban

cd /usr/ports/security/py-fail2ban make install clean 2、设置

1）开机启动

sysrc fail2ban_enable="YES" 2)创建/usr/local/etc/fail2ban/action.d/ipfw-table.local，内容如下

Fail2Ban configuration file

[Definition]

actionstart = actionstop = actioncheck = actionban = ipfw table 1 add actionunban = ipfw table 1 delete 3)创建/usr/local/etc/fail2ban/jail.d/ssh_ipfw.local，内容如下

[DEFAULT] ignoreip = 127.0.0.1/8

JAILS

[sshd] enabled = true mode = aggressive action = ipfw-table[name=SSH,port=ssh,protocol=tcp] logpath = /var/log/auth.log findtime = 600 maxretry = 3 bantime = 3600 三、重启IPFW和Fail2ban服务，

service ipfw restart service fail2ban start

[Definition]

actionstart = actionstop = actioncheck = actionban = ipfw table 1 add actionunban = ipfw table 1 delete