freebsd 13 fail2ban ipfw - bestliutao/freebsd GitHub Wiki
Edit /etc/rc.conf:

```sh
ee /etc/rc.conf
```

Start-at-boot entries:

```sh
firewall_enable="YES"
firewall_type="open"
firewall_script="/usr/local/etc/ipfw.rules"
```

Edit the rules in /usr/local/etc/ipfw.rules:

```sh
vi /usr/local/etc/ipfw.rules
```

Append the following code:
```sh
#!/bin/sh
# /usr/local/etc/ipfw.rules: loaded by rc.d/ipfw through firewall_script

IPF="ipfw -q add"
ipfw -q -f flush

# loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open ports: ftp (20,21), ssh (22), mail (25),
# http (80), dns (53) etc
$IPF 110 allow tcp from any to any 21 in
$IPF 120 allow tcp from any to any 21 out
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out

# deny and log everything else
$IPF 500 deny log all from any to any
```
Fail2ban settings

1. Install

```sh
pkg install py38-fail2ban
```

Or build from ports:

```sh
cd /usr/ports/security/py-fail2ban
make install clean
```

2. Configure

1) Enable at boot

```sh
sysrc fail2ban_enable="YES"
```

2) Create /usr/local/etc/fail2ban/action.d/ipfw-table.local with the following content:
```ini
# Fail2Ban configuration file
[Definition]
actionstart =
actionstop =
actioncheck =
# <ip> is fail2ban's tag for the address being banned or unbanned
actionban = ipfw table 1 add <ip>
actionunban = ipfw table 1 delete <ip>
```

3) Create /usr/local/etc/fail2ban/jail.d/ssh_ipfw.local with the following content:
```ini
[DEFAULT]
ignoreip = 127.0.0.1/8

# JAILS
[sshd]
enabled = true
mode = aggressive
action = ipfw-table[name=SSH,port=ssh,protocol=tcp]
logpath = /var/log/auth.log
findtime = 600
maxretry = 3
bantime = 3600
```

3. Restart the ipfw and fail2ban services:

```sh
service ipfw restart
service fail2ban start
```
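The example below is added here and is not part of the wiki page or of fail2ban itself. It models what the sshd jail above does with the parameters findtime=600, maxretry=3, bantime=3600 and ignoreip=127.0.0.1/8: it replays constructed /var/log/auth.log lines, counts failures per address inside the sliding findtime window, and returns the exact commands the ipfw-table action runs once the `<ip>` tag is filled in. The failure pattern is a simplification that only matches "Failed password" and "Invalid user" lines (the real sshd filter in aggressive mode matches more), and the year is assumed because syslog timestamps carry none. One thing to check on a live host: the entries these commands put into table 1 only block traffic if the ipfw ruleset contains a rule that looks the table up, for example `$IPF 5 deny all from "table(1)" to any` placed before the allow rules; the rules file above does not yet reference table 1.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Jail parameters copied from ssh_ipfw.local above.
FINDTIME = 600       # seconds: window in which failures are counted
MAXRETRY = 3         # failures inside FINDTIME that trigger a ban
BANTIME = 3600       # seconds a ban stays in the table
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]
TABLE = 1            # ipfw table used by actionban / actionunban
ASSUMED_YEAR = 2024  # assumption: syslog timestamps carry no year

# Simplified sshd failure pattern (assumption: only "Failed password" and
# "Invalid user" lines, not the full fail2ban sshd filter in aggressive mode).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>[0-9A-Fa-f.:]+)"
)

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    "Jan 12 10:00:00 host sshd[101]: Failed password for root from 203.0.113.5 port 50001 ssh2",
    "Jan 12 10:01:00 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 50002 ssh2",
    "Jan 12 10:02:00 host sshd[103]: Accepted publickey for alice from 198.51.100.7 port 50003 ssh2",
    "Jan 12 10:03:00 host sshd[104]: Failed password for root from 127.0.0.1 port 50004 ssh2",
    "Jan 12 10:04:00 host sshd[105]: Failed password for root from 203.0.113.5 port 50005 ssh2",
    "Jan 12 10:05:00 host sshd[106]: Failed password for root from 198.51.100.7 port 50006 ssh2",
    "Jan 12 10:20:00 host sshd[107]: Failed password for root from 198.51.100.7 port 50007 ssh2",
    "Jan 12 10:25:00 host sshd[108]: Failed password for root from 198.51.100.7 port 50008 ssh2",
    "Jan 12 11:10:00 host sshd[109]: Failed password for root from 198.51.100.7 port 50009 ssh2",
]


def parse_failure(line):
    """Return (epoch_seconds, ip) for an sshd failure line, else None."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts.timestamp(), m["ip"]


def is_ignored(ip):
    """True when the address falls inside an ignoreip network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in IGNOREIP)


def simulate_jail(lines):
    """Replay log lines; return the ipfw commands the action would run, in order."""
    commands = []
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    banned = {}                    # ip -> epoch at which the ban expires
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        now, ip = parsed
        # bantime elapsed: actionunban removes the entry from the table
        for b_ip, until in list(banned.items()):
            if until <= now:
                commands.append(f"ipfw table {TABLE} delete {b_ip}")
                del banned[b_ip]
        if is_ignored(ip) or ip in banned:
            continue
        window = failures[ip]
        window.append(now)
        # drop failures older than findtime
        while window and window[0] < now - FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            # actionban with <ip> substituted
            commands.append(f"ipfw table {TABLE} add {ip}")
            banned[ip] = now + BANTIME
            window.clear()
    return commands


if __name__ == "__main__":
    for cmd in simulate_jail(SAMPLE_LOG):
        print(cmd)
```

In the sample, 203.0.113.5 fails three times inside ten minutes and is added to table 1, then deleted again an hour later on the next event; 198.51.100.7 also fails three times, but spread over more than findtime, so it never reaches maxretry; the 127.0.0.1 failure is skipped by ignoreip.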