diff --git a/freebsd/resources/fail2ban/jail.local b/freebsd/resources/fail2ban/jail.local
new file mode 100755
index 0000000..d47dc0d
--- /dev/null
+++ b/freebsd/resources/fail2ban/jail.local
@@ -0,0 +1,113 @@
+[freeswitch-udp]
+enabled = true
+port = 5060,5061,5080,5081
+protocol = all
+filter = freeswitch
+logpath = /var/log/freeswitch/freeswitch.log
+action = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
+maxretry = 5
+findtime = 600
+bantime = 600
+# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+
+[freeswitch-tcp]
+enabled = true
+port = 5060,5061,5080,5081
+protocol = all
+filter = freeswitch
+logpath = /var/log/freeswitch/freeswitch.log
+action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
+maxretry = 5
+findtime = 600
+bantime = 600
+# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+
+#[freeswitch-ip-tcp]
+#enabled = true
+#port = 5060,5061,5080,5081
+#protocol = all
+#filter = freeswitch-ip
+#logpath = /var/log/freeswitch/freeswitch.log
+#action = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp]
+#maxretry = 1
+#findtime = 30
+#bantime = 86400
+
+#[freeswitch-ip-udp]
+#enabled = true
+#port = 5060,5061,5080,5081
+#protocol = all
+#filter = freeswitch-ip
+#logpath = /var/log/freeswitch/freeswitch.log
+#action = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp]
+#maxretry = 1
+#findtime = 30
+#bantime = 86400
+
+[freeswitch-dos-udp]
+enabled = true
+port = 5060,5061,5080,5081
+protocol = all
+filter = freeswitch-dos
+logpath = /var/log/freeswitch/freeswitch.log
+action = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp]
+maxretry = 50
+findtime = 30
+bantime = 6000
+
+[freeswitch-dos-tcp]
+enabled = true
+port = 5060,5061,5080,5081
+protocol = all
+filter = freeswitch-dos
+logpath = /var/log/freeswitch/freeswitch.log
+action = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp]
+maxretry = 50
+findtime = 30
+bantime = 6000
+
+[freeswitch-404]
+enabled = true
+port = 5060,5061,5080,5081
+protocol = all
+filter = freeswitch-404
+logpath = /var/log/freeswitch/freeswitch.log
+action = iptables-allports[name=freeswitch-404, protocol=all]
+maxretry = 3
+findtime = 300
+bantime = 86400
+
+[fusionpbx]
+enabled = true
+port = 80,443
+protocol = tcp
+filter = fusionpbx
+logpath = /var/log/auth.log
+action = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
+# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
+maxretry = 10
+findtime = 600
+bantime = 600
+
+[nginx-404]
+enabled = true
+port = 80,443
+protocol = tcp
+filter = nginx-404
+logpath = /var/log/nginx/access*.log
+bantime = 600
+findtime = 60
+maxretry = 120
+
+[nginx-dos]
+# Based on apache-badbots but a simple IP check (any IP requesting more than
+# 240 pages in 60 seconds, or 4p/s average, is suspicious)
+# Block for two full days.
+enabled = true
+port = 80,443
+protocol = tcp
+filter = nginx-dos
+logpath = /var/log/nginx/access*.log
+findtime = 60
+bantime = 172800
+maxretry = 240
diff --git a/freebsd/resources/switch/rc.d.freeswitch b/freebsd/resources/switch/rc.d.freeswitch
new file mode 100755
index 0000000..39ece95
--- /dev/null
+++ b/freebsd/resources/switch/rc.d.freeswitch
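Review bot: Every `action =` line in jail.local uses `iptables-multiport` or `iptables-allports`, but the file is installed from the `freebsd/` tree and FreeBSD has no iptables, so these jails would detect offenders and then fail to ban them. The actions should target the firewall the host actually runs, for example `action = pf[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]` (or the `ipfw`/`bsd-ipfw` action), with parameter names checked against the installed fail2ban's action.d files. `[nginx-404]` and `[nginx-dos]` set no action at all and so inherit the default `banaction`, which needs the same override. Separately, `logpath = /var/log/freeswitch/freeswitch.log` is worth confirming, since the rc script in this commit runs FreeSWITCH from `/usr/local/freeswitch` and the log may live under that prefix.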
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# PROVIDE: freeswitch
+# REQUIRE: LOGIN cleanvar
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable freeswitch:
+# freeswitch_enable: Set it to "YES" to enable freeswitch.
+# Default is "NO".
+# freeswitch_flags: Flags passed to freeswitch-script on startup.
+# Default is "".
+#
+. /etc/rc.subr
+name="freeswitch"
+rcvar=${name}_enable
+load_rc_config $name
+: ${freeswitch_enable="NO"}
+: ${freeswitch_pidfile="/usr/local/freeswitch/run/freeswitch.pid"}
+start_cmd=${name}_start
+stop_cmd=${name}_stop
+pidfile=${freeswitch_pidfile}
+freeswitch_start() {
+ /usr/local/freeswitch/bin/freeswitch ${freeswitch_flags}
+ echo -n "Starting FreeSWITCH: "
+}
+freeswitch_stop() {
+ /usr/local/freeswitch/bin/freeswitch -stop
+}
+run_rc_command "$1"
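Review bot: `freeswitch_start` launches `/usr/local/freeswitch/bin/freeswitch ${freeswitch_flags}` with whatever privileges rc runs with (normally root) and nothing in the script drops them, so a flaw in the SIP-facing daemon would mean a root compromise. Because `start_cmd` is overridden, rc.subr's usual `${name}_user` handling presumably does not apply. Consider a default such as `: ${freeswitch_flags="-nc -u freeswitch -g freeswitch"}` (the account name is a placeholder to confirm against the installer), and make sure the pidfile directory is writable by that account. The same default also fixes a startup problem: with the documented empty `freeswitch_flags` the binary starts without `-nc`, so it likely stays in the foreground and the `echo -n "Starting FreeSWITCH: "` after it only runs once the daemon exits. The echo should move before the launch.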