FreeBSD and fail2ban

July 16, 2021

Hey,

To go on configuring my FreeBSD server, I install my traditionnal package : “fail2ban”. By the way with Linux distro, apt install fail2ban is enough.

Not now :D

You must add :

root@pluton:/usr/local/etc/fail2ban/jail.d# cat ssh-ipfw.local 
[ssh-ipfw]
enabled = true
filter = sshd
action = ipfw[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/auth.log
findtime = 600
maxretry = 3
bantime = 3600
root@pluton:/usr/local/etc/fail2ban/jail.d#

And edit action file so that “localhost” is your public IP :

root@pluton:/usr/local/etc/fail2ban/action.d# cat ipfw.conf 
# Fail2Ban configuration file
#
# Author: Nick Munger
# Modified by: Cyril Jaquier
#
#
[...]
# Option:  localhost
# Notes.:  the local IP address of the network interface
# Values:  IP
#
localhost = <YOUR_PUBLIC_IP_ADDRESS>

# Option:  blocktype
# Notes.:  How to block the traffic. Use a action from man 5 ipfw
#          Common values: deny, unreach port, reset
# Values:  STRING
#
blocktype = unreach port
root@pluton:/usr/local/etc/fail2ban/action.d#