cd /usr/ports/
make search key="fail2ban"
cd /usr/ports/security/py-fail2ban
make install clean
#
cd /usr/local/etc/fail2ban/action.d
vi pf.conf
#add:
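[Definition]
actionstart =
actionstop =
actioncheck =
# The /32 suffix assumes <ip> is an IPv4 address. If this fail2ban version also
# matches IPv6 hosts, the same suffix would put a whole IPv6 /32 prefix in the table.
actionban = /sbin/pfctl -t <tablename> -T add <ip>/32
actionunban = /sbin/pfctl -t <tablename> -T delete <ip>/32
[Init]
tablename = fail2ban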
:wq!
cd /usr/local/etc/fail2ban/filter.d
vi sasl2.conf
#add:
# Fail2Ban filter for postfix authentication failures
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix/smtpd
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
:wq!
cd ..
vi jail.conf
#add:
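[sasl]
enabled = true
port = smtp
filter = sasl2
action = pf
# bantime = -1 is a permanent ban and maxretry = 1 bans on the first failed login,
# so one mistyped password locks a legitimate client out until it is removed by hand.
# List trusted addresses in ignoreip to exempt them.
bantime = -1
logpath = /var/log/maillog
maxretry = 1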
:wq!
vi /etc/rc.conf
#add:
fail2ban_enable="YES"
:wq!
vi /etc/pf.conf
#add:
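# "persist" keeps the table in the kernel even when no rule references it.
# It does not save the entries across a reboot.
table <fail2ban> persist
# $ext_if must already be defined as a macro in this file. Place these rules before
# any "pass ... quick" rule for the same ports, because the first matching quick rule wins.
block quick proto tcp from <fail2ban> to $ext_if port 22
block quick proto tcp from <fail2ban> to $ext_if port 25
block quick proto tcp from <fail2ban> to $ext_if port 465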
:wq!
/usr/local/etc/rc.d/fail2ban restart
pfctl -f /etc/pf.conf
#
/sbin/pfctl -t fail2ban -T show
/sbin/pfctl -t fail2ban -T add ipaddress/32
/sbin/pfctl -t fail2ban -T delete ipaddress/32