Browse Source

* split config

master
Alex 'AdUser' Z 9 years ago
parent
commit
3f64d29899
  1. 10
      docs/conf-available/10-backend-exec-ipset.conf
  2. 5
      docs/conf-available/15-filter-pcre.conf
  3. 3
      docs/conf-available/15-filter-preg.conf
  4. 23
      docs/f2b.conf.sample

10
docs/conf-available/10-backend-exec-ipset.conf

@ -0,0 +1,10 @@
[backend:exec-ipset]
load = libf2b_backend_exec.so
start = /sbin/ipset -! create <ID> hash:ip
start = /sbin/iptables -I INPUT -m set --match-set <ID> src -j DROP
stop = /sbin/iptables -D INPUT -m set --match-set <ID> src -j DROP
stop = /sbin/ipset -! destroy <ID>
ban = /sbin/ipset -! add <ID> <IP>
check = /sbin/ipset -! test <ID> <IP>
unban = /sbin/ipset -! del <ID> <IP>
timeout = 2

5
docs/conf-available/15-filter-pcre.conf

@ -0,0 +1,5 @@
[filter:pcre]
load = libf2b_filter_pcre.so
icase = no
study = yes
usejit = no

3
docs/conf-available/15-filter-preg.conf

@ -0,0 +1,3 @@
[filter:preg]
load = libf2b_filter_preg.so
icase = no

23
docs/f2b.conf.sample

@ -1,5 +1,5 @@
[main] [main]
includes = /etc/f2b/conf.d includes = /etc/f2b/conf-enabled
pidfile = /var/run/f2b.pid pidfile = /var/run/f2b.pid
logdest = syslog logdest = syslog
loglevel = info loglevel = info
@ -19,27 +19,6 @@ source = files:/var/log/messages
; filter = preg:/etc/f2b/filters/$someservice.preg ; filter = preg:/etc/f2b/filters/$someservice.preg
backend = exec-ipset:banned backend = exec-ipset:banned
[filter:preg]
load = libf2b_filter_preg.so
icase = no
[filter:pcre]
load = libf2b_filter_pcre.so
icase = no
study = no
usejit = no
[backend:exec-ipset]
load = libf2b_backend_exec.so
start = /sbin/ipset -! create <ID> hash:ip
start = /sbin/iptables -I INPUT -m set --match-set <ID> src -j DROP
stop = /sbin/iptables -D INPUT -m set --match-set <ID> src -j DROP
stop = /sbin/ipset -! destroy <ID>
ban = /sbin/ipset -! add <ID> <IP>
check = /sbin/ipset -! test <ID> <IP>
unban = /sbin/ipset -! del <ID> <IP>
timeout = 2
[jail:ssh] [jail:ssh]
source = files:/var/log/auth.log source = files:/var/log/auth.log
filter = preg:/etc/f2b/filters/ssh.preg filter = preg:/etc/f2b/filters/ssh.preg

Loading…
Cancel
Save