Copy the main configuration file to jail.local and edit it:
# cp /usr/local/etc/fail2ban/jail.conf /usr/local/etc/fail2ban/jail.local
# vi /usr/local/etc/fail2ban/jail.local
[DEFAULT]
# List of IP addresses that will be ignored
ignoreip = 127.0.0.1/8 192.168.1.0/24

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
# Add the offender's IP to the IPFW table sshd
action = bsd-ipfw[table=sshd]
# Number of failed attempts
maxretry = 3
# Ban time in seconds
bantime = 10800
Enable IPFW and fail2ban:
# vi /etc/rc.conf
firewall_enable="YES"
firewall_logging="YES"
firewall_script="/etc/fw.sh"
fail2ban_enable="YES"
Make IPFW open (accept) by default:
# vi /boot/loader.conf
net.inet.ip.fw.default_to_accept=1
# kenv net.inet.ip.fw.default_to_accept=1
Create the ipfw configuration file:
# vi /etc/fw.sh
#!/bin/sh
ipfw="/sbin/ipfw -q"
${ipfw} -f flush
${ipfw} add allow ip from any to any via lo0
${ipfw} add deny ip from any to 127.0.0.0/8
${ipfw} add deny ip from 127.0.0.0/8 to any
${ipfw} add deny ip from table'(sshd)' to any
${ipfw} add allow ip from any to any
# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
# ipfw show
00100 268288 38198600 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 4625 278780 deny ip from table(sshd) to any
00500 35673934 66335954814 allow ip from any to any
65535 0 0 allow ip from any to any
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 90
|  `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 23
   `- Banned IP list:
# less /var/log/fail2ban.log | grep Ban
2023-12-13 18:02:00,044 fail2ban.actions [74454]: NOTICE [sshd] Ban 1.1.1.1
...
Unban an IP:
# fail2ban-client set sshd unbanip 1.1.1.1
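
With action = bsd-ipfw[table=sshd], fail2ban puts banned addresses into the sshd table, so a ban only takes effect if the deny rule for that table in /etc/fw.sh is evaluated before the final allow rule. The script below is an added example, not part of the original page: it checks that ordering in `ipfw show` output; the function name check_ban_rule and the second sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify that the deny rule for the fail2ban table is
# evaluated before any unconditional "allow ip from any to any" rule.
# Reads "ipfw show" output (number, packets, bytes, action, body) on stdin.
# On the host: ipfw show | check_ban_rule sshd
check_ban_rule() {
    awk -v t="table($1)" '
        {
            # Rebuild the rule body (everything after the action keyword).
            body = ""
            for (i = 5; i <= NF; i++) body = body (i > 5 ? " " : "") $i
        }
        $4 == "deny"  && body == "ip from " t " to any" && !deny  { deny = $1 }
        $4 == "allow" && body == "ip from any to any"   && !allow { allow = $1 }
        END {
            if (!deny) { print "FAIL: no deny rule for " t; exit 1 }
            if (allow && allow + 0 < deny + 0) {
                print "FAIL: rule " allow " allows all traffic before rule " deny
                exit 1
            }
            print "OK: rule " deny " drops " t " before any allow-all rule"
        }'
}

# Ruleset taken from the "ipfw show" output on this page.
RULES_OK='00100 268288 38198600 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 4625 278780 deny ip from table(sshd) to any
00500 35673934 66335954814 allow ip from any to any
65535 0 0 allow ip from any to any'

# Constructed sample: allow-all placed before the table rule, so bans never match.
RULES_BAD='00100 10 1000 allow ip from any to any via lo0
00400 20 2000 allow ip from any to any
00500 0 0 deny ip from table(sshd) to any
65535 0 0 allow ip from any to any'

printf '%s\n' "$RULES_OK"  | check_ban_rule sshd || :
printf '%s\n' "$RULES_BAD" | check_ban_rule sshd || :
```

The function returns a non-zero status on failure, so it can run after every change to /etc/fw.sh.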