Differences

This shows you the differences between two versions of the page.

--- howto:fail2ban [2020/07/02 22:59] – add rules for hack / spam logs ragnarok
+++ howto:fail2ban [2022/01/30 04:47] – Added new rule for clients consistently exceeding the maximum connection allowance Karloch
@@ Line 25: / Line 25: @@
 maxretry = 3
 findtime = 21600
+bantime = 21600
+[sbbs-ddos]
+enabled  = true
+filter   = sbbs-ddos
+action   = iptables-allports[name=SBBS-ddos, protocol=all]
+logpath  = /var/log/sbbs.log
+maxretry = 8
+findtime = 600
 bantime = 21600
@@ Line 65: / Line 74: @@
 failregex = Bad password from: <HOST>
             Throttling suspicious connection from: <HOST>
+ignoreregex =
+</code>
+Filter for ddos (/etc/fail2ban/filter.d/sbbs-ddos.conf)
+<code>
+[INCLUDES]
+before = common.conf
+[Definition]
+failregex = !Maximum concurrent connections without login (.*) reached from host: <HOST>
 ignoreregex =
 </code>
@@ Line 105: / Line 124: @@
 Status
 |- Number of jail:	7
-`- Jail list:	asterisk, nginx-botsearch, *sbbs-hack, *sbbs-main, *sbbs-smtp, *sbbs-spam, sshd
+`- Jail list:	asterisk, nginx-botsearch, *sbbs-hack, *sbbs-main, *sbbs-smtp, *sbbs-spam, *sbbs-ddos, sshd
 </code>
@@ Line 135: / Line 154: @@
 RETURN     all  --  0.0.0.0/0            0.0.0.0/0
+Chain fail2ban-SBBS-ddos (1 references)
+target     prot opt source               destination
+REJECT     all  --  110.53.221.190       0.0.0.0/0            reject-with icmp-port-unreachable
+RETURN     all  --  0.0.0.0/0            0.0.0.0/0
 </code>
 ===== See Also =====
   * [[:howto:|howto index]]

Trace:

Differences

Navigation

Search

Toolbox