Created
July 27, 2012 16:38
-
-
Save afragen/3189046 to your computer and use it in GitHub Desktop.
pf action.d filter for fail2ban
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Fail2Ban configuration file | |
# | |
# OpenBSD pf ban/unban | |
# | |
# Author: Nick Hilliard <nick@foobar.org> | |
# http://pastebin.com/wXESQ1b4 | |
# | |
[Definition] | |
# Option: actionstart | |
# Notes.: command executed once at the start of Fail2Ban. | |
# Values: CMD | |
# | |
# we don't enable PF automatically, as it will be enabled elsewhere | |
actionstart = | |
# Option: actionstop | |
# Notes.: command executed once at the end of Fail2Ban | |
# Values: CMD | |
# | |
# we don't disable PF automatically either | |
actionstop = | |
# Option: actioncheck | |
# Notes.: command executed once before each actionban command | |
# Values: CMD | |
# | |
actioncheck = | |
# Option: actionban | |
# Notes.: command executed when banning an IP. Take care that the | |
# command is executed with Fail2Ban user rights. | |
# Tags: <ip> IP address | |
# <failures> number of failures | |
# <time> unix timestamp of the ban time | |
# Values: CMD | |
# | |
#original line with subnet ban: | |
#actionban = /sbin/pfctl -t fail2ban -T add <ip>/32 | |
actionban = /sbin/pfctl -t fail2ban -T add <ip> | |
# Option: actionunban | |
# Notes.: command executed when unbanning an IP. Take care that the | |
# command is executed with Fail2Ban user rights. | |
# Tags: <ip> IP address | |
# <failures> number of failures | |
# <time> unix timestamp of the ban time | |
# Values: CMD | |
# | |
# note -r option used to remove matching rule | |
# | |
#original line with subnet unban: | |
#actionunban = /sbin/pfctl -t fail2ban -T delete <ip>/32 | |
# line recommended by JonDo: | |
actionunban = pfctl -t fail2ban -T delete `pfctl -t fail2ban -T show 2>/dev/null | grep <ip>` | |
# actionunban = /sbin/pfctl -t fail2ban -T delete <ip> | |
[Init] | |
port = ssh | |
localhost = 127.0.0.1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment