Fail2ban

JMRIT
Posts: 1
Joined: Wed Feb 18, 2015 6:01 pm

Fail2ban

Post by JMRIT » Wed Feb 18, 2015 6:04 pm

Installed via MacPorts. Any idea how to integrate it with Murus, please?

hany
Posts: 466
Joined: Wed Dec 10, 2014 5:20 pm

Re: Fail2ban

Post by hany » Fri Feb 20, 2015 8:17 pm

No, sorry, no idea. Are you sure fail2ban is compatible with PF?

rafalglog
Posts: 2
Joined: Wed Jan 14, 2015 9:18 am

Re: Fail2ban

Post by rafalglog » Wed Feb 25, 2015 10:27 am

I think, but I'm not sure, Fail2Ban has the same or very similar functionality as the brute force adaptive service?

thodem
Posts: 2
Joined: Tue Jan 05, 2016 5:53 pm

Re: Fail2ban

Post by thodem » Tue Jan 05, 2016 6:00 pm

fail2ban is compatible with pf.
I used IceFloor before, and it had an action like "pf-icefloor",
which was called pf-icefloor.conf:

Code:

[Definition]

# Option:  actionban
# Notes.:  command executed when banning an IP.
actionban = /sbin/pfctl -a <anchor> -t <pftable> -T add <ip> && /sbin/pfctl -k <ip>


# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time
# Values:  CMD
#
actionunban = /sbin/pfctl -a <anchor> -t <pftable> -T delete <ip>


[Init]

# Option:  anchor
# Notes.:  specifies pf anchor. We use IceFloor's main anchor
# Values:  STRING
#
#anchor = 800.icefloor
anchor = inspector.blocks

# Option:  pftable
# Notes.:  the table used to block IPs. We use IceFloor's bruteforce table.
# Values:  STRING
#
pftable = bruteforce

But how can I use it with Murus? Which table can I use, or do I have to create a new one?

hany
Posts: 466
Joined: Wed Dec 10, 2014 5:20 pm

Re: Fail2ban

Post by hany » Tue Jan 05, 2016 7:21 pm

> but how can I use it with Murus? Which table can I use, or do I have to create a new one?

It's pretty easy as Murus provides a dedicated pf table (and a default dedicated block rule with the 'quick' option) like IceFloor did:

anchor: murus.inbound
table: bruteforce

Let me know if it works :)

thodem
Posts: 2
Joined: Tue Jan 05, 2016 5:53 pm

Re: Fail2ban

Post by thodem » Thu Mar 24, 2016 8:03 pm

it works! :)


Code:

[Definition]

# Option:  actionban
# Notes.:  command executed when banning an IP.
actionban = /sbin/pfctl -a <anchor> -t <pftable> -T add <ip> && /sbin/pfctl -k <ip>

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#
actionunban = /sbin/pfctl -a <anchor> -t <pftable> -T delete <ip>

[Init]
# Option:  anchor
anchor = murus.inbound

# Option:  pftable
# Notes.:  the table used to block IPs. We use murus's bruteforce table.
pftable = bruteforce

hany
Posts: 466
Joined: Wed Dec 10, 2014 5:20 pm

Re: Fail2ban

Post by hany » Thu Mar 24, 2016 10:25 pm

That's great! :ugeek:
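
To check the setup discussed in this thread, the following shell script (an added example, not part of the original posts and not code from Murus or fail2ban) runs the same pfctl table commands as the action's actionban and actionunban against anchor murus.inbound and table bruteforce. The test address is a constructed one from the 203.0.113.0/24 documentation range; the function names, the PFCTL override and the `run` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: smoke-test the pf table that the fail2ban action writes to.
# Must run as root on the Mac, because pfctl needs root to change tables.
ANCHOR="${ANCHOR:-murus.inbound}"   # anchor named in the thread
TABLE="${TABLE:-bruteforce}"        # table named in the thread
TEST_IP="${TEST_IP:-203.0.113.7}"   # constructed address (TEST-NET-3)
PFCTL="${PFCTL:-/sbin/pfctl}"       # assumption: overridable for off-box testing

# Run one table command (add, delete, show) against the anchor and table.
pf_table() {
    "$PFCTL" -a "$ANCHOR" -t "$TABLE" -T "$@"
}

# True if the exact address is listed in the table. Whitespace is stripped
# and the whole line compared, so 203.0.113.7 does not match 203.0.113.70.
banned() {
    pf_table show 2>/dev/null | tr -d ' \t' | grep -qxF "$1"
}

# Ban and unban TEST_IP the way the action does. Returns 0 when the round
# trip works, otherwise a code naming the first failing step.
smoke_test() {
    if banned "$TEST_IP"; then
        echo "refusing: $TEST_IP is already in <$TABLE>" >&2
        return 2
    fi
    pf_table add "$TEST_IP" >/dev/null 2>&1 || {
        echo "add failed: anchor or table missing, or not root" >&2
        return 3
    }
    banned "$TEST_IP" || {
        echo "add reported success but $TEST_IP is not listed" >&2
        return 4
    }
    pf_table delete "$TEST_IP" >/dev/null 2>&1 || {
        echo "delete failed: $TEST_IP is still banned, remove it by hand" >&2
        return 5
    }
    if banned "$TEST_IP"; then
        echo "delete reported success but $TEST_IP is still listed" >&2
        return 6
    fi
    echo "ok: $ANCHOR <$TABLE> accepts add and delete"
}

# Only touch pf when asked to, e.g.: sudo sh pf-smoke.sh run
if [ "${1:-}" = "run" ]; then smoke_test; fi
```

A passing run only shows that fail2ban's commands can reach the table; whether matching traffic is dropped still depends on the Murus block rule that references it.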
