fail2ban 0.9

With the recent release of fail2ban 0.9, there are very important improvements to the journal and firewalld integration. With these simple configurations, I got fail2ban working on Fedora 20 without a syslog daemon, while avoiding being DoSed by a local user.

/etc/fail2ban/fail2ban.local

[Definition]
loglevel = INFO
logtarget = SYSLOG

In /etc/fail2ban/jail.local we set the backend to systemd, so that fail2ban monitors the journal directly. We also choose firewallcmd-ipset as the default action, so the rules are inserted with firewall-cmd and use the ipset facility. Finally, all the jails needed are enabled.

[DEFAULT]
backend = systemd
banaction = firewallcmd-ipset
bantime = 3600

[sshd]
enabled = true

[postfix]
enabled = true

[dovecot]
enabled = true

Updated on September 9 2014:
Because ipset keeps its own timeout, we also have to configure it in the action file /etc/fail2ban/action.d/firewallcmd-ipset.local:

[Init]
bantime = 3600

To check the contents of the IP sets:

# ipset list
Name: fail2ban-sshd
Type: hash:ip
Revision: 2
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 16664
References: 1
Members:
61.153.105.66 timeout 2817
116.10.191.178 timeout 3178

Name: fail2ban-postfix
Type: hash:ip
Revision: 2
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 16504
References: 1
Members:
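
Added example, not from the original post: a Python check that the bantime in jail.local, the bantime in firewallcmd-ipset.local and the timeout in each fail2ban ipset header all agree. The sample strings are constructed (abridged from the listings above, with a documentation address and a deliberately mismatched postfix set), and the function names are this example's own.

```python
import configparser
import re

# Constructed samples mirroring the files and `ipset list` output on this page;
# the 600-second postfix set is deliberately stale to show a mismatch.
JAIL_LOCAL = "[DEFAULT]\nbackend = systemd\nbanaction = firewallcmd-ipset\nbantime = 3600\n"
ACTION_LOCAL = "[Init]\nbantime = 3600\n"
IPSET_LIST = """Name: fail2ban-sshd
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Members:
192.0.2.10 timeout 2817

Name: fail2ban-postfix
Header: family inet hashsize 1024 maxelem 65536 timeout 600
Members:
"""

def read_bantime(text, section):
    """Read the integer bantime from one section of an INI-style file."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp.getint(section, "bantime")

def set_timeouts(ipset_output):
    """Map each set name to the timeout in its Header line (None if absent)."""
    result, name = {}, None
    for line in ipset_output.splitlines():
        if line.startswith("Name: "):
            name = line[len("Name: "):].strip()
            result[name] = None
        elif line.startswith("Header: ") and name:
            m = re.search(r"\btimeout (\d+)", line)
            result[name] = int(m.group(1)) if m else None
    return result

def check(jail_text, action_text, ipset_output):
    """Return mismatch descriptions; an empty list means all timeouts agree."""
    jail = read_bantime(jail_text, "DEFAULT")
    action = read_bantime(action_text, "Init")
    problems = []
    if jail != action:
        problems.append(f"jail bantime {jail} != action bantime {action}")
    for name, timeout in set_timeouts(ipset_output).items():
        if name.startswith("fail2ban-") and timeout != jail:
            problems.append(f"{name}: ipset timeout {timeout} != bantime {jail}")
    return problems

if __name__ == "__main__":
    print("\n".join(check(JAIL_LOCAL, ACTION_LOCAL, IPSET_LIST)) or "consistent")
```

On a live system, pass the contents of the two .local files and the output of `ipset list` to `check()` instead of the samples; it only compares the [DEFAULT] bantime, so per-jail overrides are out of its scope.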
