Fail2ban: Difference between revisions

imported>Rollin rob
No edit summary
Line 15: Line 15:


* The <source lang="nix" enclose="none">maxretry</source> option allows you to specify how many failures are required for an IP address to be blocked.
* The <source lang="nix" enclose="none">maxretry</source> option allows you to specify how many failures are required for an IP address to be blocked.
* To prevent being locked out accidentally, use <source lang="nix" enclose="none">ignoreIP</source> to whitelist IPs or IP ranges to be never cheked. In the example below, common LAN IP address ranges as well as the specific IP '8.8.8.8' and the address associated with the hostname "nixos.wiki" are excluded from any bans. Note that the loopback addresses "127.0.0.0/8" and "::1" are added by default.
* To prevent being locked out accidentally, use <source lang="nix" enclose="none">ignoreIP</source> to whitelist IPs or IP ranges to be never cheked. In the example below, common LAN IP address ranges as well as the specific IP '8.8.8.8' and the address associated with the hostname "wiki.nixos.org" are excluded from any bans. Note that the loopback addresses "127.0.0.0/8" and "::1" are added by default.
* <source lang="nix" enclose="none">bantime</source> specifies for how much time an IP address is blocked after reaching the maximum number of failures. Note that the bantime can be increased for every violation by setting <source lang="nix" enclose="none">bantime-increment.enable = true;</source>. The bantime increment can then be customized by specifying a formula (in Python) like <source lang="python" enclose="none">ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)</source> with <source lang="nix" enclose="none">bantime-increment.formula</source>, the multipliers with <source lang="nix" enclose="none">bantime-increment.multipliers</source>, the maximum bantime with <source lang="nix" enclose="none">bantime-increment.maxtime</source> and the indication to consider the bans issued throughout multiple jails with <source lang="nix" enclose="none">bantime-increment.overalljails</source>
* <source lang="nix" enclose="none">bantime</source> specifies for how much time an IP address is blocked after reaching the maximum number of failures. Note that the bantime can be increased for every violation by setting <source lang="nix" enclose="none">bantime-increment.enable = true;</source>. The bantime increment can then be customized by specifying a formula (in Python) like <source lang="python" enclose="none">ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)</source> with <source lang="nix" enclose="none">bantime-increment.formula</source>, the multipliers with <source lang="nix" enclose="none">bantime-increment.multipliers</source>, the maximum bantime with <source lang="nix" enclose="none">bantime-increment.maxtime</source> and the indication to consider the bans issued throughout multiple jails with <source lang="nix" enclose="none">bantime-increment.overalljails</source>
* <source lang="nix" enclose="none">banaction</source> specifies which of the actions in <source lang="nix" enclose="none">/etc/fail2ban/action.d</source> should be the default ban action (e.g., iptables, iptables-new, iptables-multiport, iptables-ipset-proto6-allports, shorewall, etc.)
* <source lang="nix" enclose="none">banaction</source> specifies which of the actions in <source lang="nix" enclose="none">/etc/fail2ban/action.d</source> should be the default ban action (e.g., iptables, iptables-new, iptables-multiport, iptables-ipset-proto6-allports, shorewall, etc.)
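Review bot: the typo "cheked" in the ignoreIP bullet (Line 15) survives this revision; since the same sentence is being edited for the hostname rename, change it to "checked" in the same pass. The bantime-increment bullet also still ends without a full stop after "bantime-increment.overalljails</source>", which the other bullets in this list have. The hostname change from "nixos.wiki" to "wiki.nixos.org" in the prose is consistent with the config hunk at Line 30, so the example and its description agree.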
Line 30: Line 30:
       "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"
       "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"
       "8.8.8.8" # whitelist a specific IP
       "8.8.8.8" # whitelist a specific IP
       "nixos.wiki" # resolve the IP via DNS
       "wiki.nixos.org" # resolve the IP via DNS
     ];
     ];
     bantime = "24h"; # Ban IPs for one day on the first ban
     bantime = "24h"; # Ban IPs for one day on the first ban
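Review bot: the renamed "wiki.nixos.org" entry keeps the comment "resolve the IP via DNS", which is worth expanding for readers of a whitelist example: what ends up exempt from bans is whatever address that name resolves to, so a changed or stale DNS record silently changes which host is never banned, and a hostname is a weaker whitelist entry than the literal address or CIDR ranges on the two lines above it. A short clause such as "# resolved via DNS; the resolved address is what gets whitelisted" would make that trade-off visible next to the "8.8.8.8" literal example.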