@afragen
Created July 27, 2012 16:38
pf action.d filter for fail2ban
# Fail2Ban configuration file
#
# OpenBSD pf ban/unban
#
# Author: Nick Hilliard <nick@foobar.org>
# http://pastebin.com/wXESQ1b4
#
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
# we don't enable PF automatically, as it will be enabled elsewhere
actionstart =
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
# we don't disable PF automatically either
actionstop =
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
# original line with an explicit /32 host mask:
#actionban = /sbin/pfctl -t fail2ban -T add <ip>/32
actionban = /sbin/pfctl -t fail2ban -T add <ip>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
# note -r option used to remove matching rule
#
# original line with an explicit /32 host mask:
#actionunban = /sbin/pfctl -t fail2ban -T delete <ip>/32
# line recommended by JonDo:
# (grep made fixed-string and whole-word so that 10.0.0.1 cannot also match 10.0.0.10 or 110.0.0.1)
actionunban = /sbin/pfctl -t fail2ban -T delete `/sbin/pfctl -t fail2ban -T show 2>/dev/null | grep -F -w -- '<ip>'`
# actionunban = /sbin/pfctl -t fail2ban -T delete <ip>
[Init]
port = ssh
localhost = 127.0.0.1
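Added example, not part of this gist: a POSIX sh demonstration of why a plain `grep <ip>` over the table listing, as in the originally recommended actionunban, can select more entries than the one being unbanned, and a selector that only returns an exact single match. It assumes `pfctl -t fail2ban -T show` prints one address per line with leading whitespace; the listing below is constructed.

```shell
#!/bin/sh
# Constructed sample of what `pfctl -t fail2ban -T show` prints
# (one banned address per line, indented with spaces).
TABLE_LISTING='   10.0.0.1
   10.0.0.10
   110.0.0.1
   2001:db8::1'

# Substring/regex match as in `grep <ip>`: dots match any character and
# there is no anchoring, so several entries can be selected at once.
naive_match() {
    printf '%s\n' "$TABLE_LISTING" | grep -- "$1" | sed 's/^[[:space:]]*//'
}

# Fixed-string, whole-word match: only the exact address is selected.
exact_match() {
    printf '%s\n' "$TABLE_LISTING" | grep -F -w -- "$1" | sed 's/^[[:space:]]*//'
}

# Print the single table entry to delete for an unban, or fail (exit 1)
# when the address is not in the table or matches more than one entry,
# so that pfctl is never handed zero or several addresses.
select_unban_target() {
    match=$(exact_match "$1")
    [ -n "$match" ] || return 1
    [ "$(printf '%s\n' "$match" | wc -l | tr -d ' ')" -eq 1 ] || return 1
    printf '%s\n' "$match"
}

# Stand-alone demonstration.
echo "naive matches for 10.0.0.1:"; naive_match 10.0.0.1
echo "exact match for 10.0.0.1:";   exact_match 10.0.0.1
```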