[main] includes = /etc/f2b/conf.d pidfile = /var/run/f2b.pid logdest = syslog loglevel = info logfile = /var/log/f2b.log user = root group = root daemon = yes [defaults] enabled = no bantime = 3600 findtime = 300 incr_bantime = 0.0 incr_findtime = 0.0 maxretry = 5 source = files:/var/log/messages ; filter = preg:/etc/f2b/filters/$someservice.preg backend = exec-ipset:banned [filter:preg] load = libf2b_filter_preg.so icase = no [filter:pcre] load = libf2b_filter_pcre.so icase = no study = no usejit = no [backend:exec-ipset] load = libf2b_backend_exec.so start = /sbin/ipset -! create hash:ip start = /sbin/iptables -I INPUT -m set --match-set src -j DROP stop = /sbin/iptables -D INPUT -m set --match-set src -j DROP stop = /sbin/ipset -! destroy ban = /sbin/ipset -! add check = /sbin/ipset -! test unban = /sbin/ipset -! del timeout = 2 [jail:ssh] source = files:/var/log/auth.log filter = preg:/etc/f2b/filters/ssh.preg