Dwarf Fortress with Fail2Ban - jonatello/lab-musing GitHub Wiki
Note that this does require Linux binary compatibility, so on your host set "enable_linux=yes" within "rc.conf". If you're using FreeNAS, you would go under System > Tunables > Add Tunable, and add an entry with variable set to "linux_enable", value set to "yes", and type set to "rc.conf".
Configuration:
Update the jail
pkg update
pkg upgrade
Enable Linux ABI support via rc.conf (sometimes called Linux emulation)
sysrc linux_enable=yes
Configure SSH
Edit the SSH configuration to enable Password Authentication and bind to port 22
sed -i '' 's/#PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i '' 's/#Port 22/Port 22/g' /etc/ssh/sshd_config
Enable SSHD via rc.conf
sysrc sshd_enable=yes
Start the SSH Daemon
service sshd start
Add a user for access
adduser jonatello
Configure Dwarf Fortress
Install the Dwarf Fortress package
pkg install linux-dwarffortress-0.44.05
Update init.txt for all users to use TEXT mode
sed -i '' 's/[PRINT_MODE:2D]/[PRINT_MODE:TEXT]/g' /root/.dwarffortress/data/init/init.txt
Configure a NAT rule on the edge firewall for remote access
Configure ipfw and fail2ban
Install the fail2ban package
pkg install py36-fail2ban-0.10.2
Create and configure the fail2ban rules appropriately for sshd
vi /usr/local/etc/fail2ban/jail.d/ssh-ipfw.local
Or use dwarffortress.ssh-ipfw.local
Create and configure the ipfw rules appropriately
vi /usr/local/etc/ipfw.rules
Or use dwarffortress.ipfw.rules
Enable the ipfw firewall with a specific rules file via rc.conf
sysrc firewall_enable=yes
sysrc firewall_script=/usr/local/etc/ipfw.rules
Enable fail2ban via rc.conf
sysrc fail2ban_enable=yes
Usage
Add the new user
adduser %NewUser%
Copy and update permissions for .dwarffortress
cp -R /root/.dwarffortress /home/%NewUser%/
chown -R /home/%NewUser%
Troubleshooting
List ipfw firewall rules
ipfw list
List ipfw table 1 rules
ipfw table 1 list
Remove a specific %IPAddress% from the table 1
ipfw table 1 delete %IPAddress%