From 8ef506552f328856f31ddce729bb9470c09a8944 Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Sun, 2 Apr 2017 22:44:45 -0600 Subject: [PATCH] Update jail.local --- freebsd/resources/fail2ban/jail.local | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/freebsd/resources/fail2ban/jail.local b/freebsd/resources/fail2ban/jail.local index dadc96f..003bd35 100755 --- a/freebsd/resources/fail2ban/jail.local +++ b/freebsd/resources/fail2ban/jail.local @@ -5,9 +5,9 @@ protocol = all filter = freeswitch #logpath = /var/log/freeswitch/freeswitch.log logpath = /usr/local/freeswitch/log/freeswitch.log -action = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp] maxretry = 5 findtime = 600 +banaction = pf bantime = 600 # sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed @@ -18,9 +18,9 @@ protocol = all filter = freeswitch #logpath = /var/log/freeswitch/freeswitch.log logpath = /usr/local/freeswitch/log/freeswitch.log -action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp] maxretry = 5 findtime = 600 +banaction = pf bantime = 600 # sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed @@ -31,9 +31,9 @@ bantime = 600 #filter = freeswitch-ip #logpath = /var/log/freeswitch/freeswitch.log logpath = /usr/local/freeswitch/log/freeswitch.log -#action = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp] #maxretry = 1 #findtime = 30 +#banaction = pf #bantime = 86400 #[freeswitch-ip-udp] @@ -43,9 +43,9 @@ logpath = /usr/local/freeswitch/log/freeswitch.log #filter = freeswitch-ip #logpath = /var/log/freeswitch/freeswitch.log logpath = /usr/local/freeswitch/log/freeswitch.log -#action = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp] #maxretry = 1 #findtime = 30 +#banaction = pf #bantime = 86400 [freeswitch-dos-udp] @@ -55,9 +55,9 @@ protocol = all filter = freeswitch-dos #logpath = /var/log/freeswitch/freeswitch.log logpath = /usr/local/freeswitch/log/freeswitch.log -action = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp] maxretry = 50 findtime = 30 +banaction = pf bantime = 6000 [freeswitch-dos-tcp] @@ -67,9 +67,9 @@ protocol = all filter = freeswitch-dos #logpath = /var/log/freeswitch/freeswitch.log logpath = /usr/local/freeswitch/log/freeswitch.log -action = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp] maxretry = 50 findtime = 30 +banaction = pf bantime = 6000 [freeswitch-404] @@ -79,9 +79,9 @@ protocol = all filter = freeswitch-404 #logpath = /var/log/freeswitch/freeswitch.log logpath = /usr/local/freeswitch/log/freeswitch.log -action = iptables-allports[name=freeswitch-404, protocol=all] maxretry = 3 findtime = 300 +banaction = pf bantime = 86400 [fusionpbx] @@ -90,10 +90,10 @@ port = 80,443 protocol = tcp filter = fusionpbx logpath = /var/log/auth.log -action = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp] # sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed maxretry = 10 findtime = 600 +banaction = pf bantime = 600 [nginx-404] @@ -102,6 +102,7 @@ port = 80,443 protocol = tcp filter = nginx-404 logpath = /var/log/nginx/access*.log +banaction = pf bantime = 600 findtime = 60 maxretry = 120 @@ -116,5 +117,6 @@ protocol = tcp filter = nginx-dos logpath = /var/log/nginx/access*.log findtime = 60 +banaction = pf bantime = 172800 maxretry = 240