fail2ban

# portmaster security/py-fail2ban

http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Configuration

/etc/rc.conf

fail2ban_enable="YES"

/usr/local/etc/fail2ban/

• fail2ban.local
• jail.local

/etc/pf.conf

# echo 'block drop log quick from <fail2ban> to any'  >> /etc/pf.conf

/etc/newsyslog.conf

# /var/log/fail2ban.log       600  7      * @T00  JC

start

# /usr/local/etc/rc.d/fail2ban start

sonstiges

anzeigen der Blacklist

# pfctl -t fail2ban -T show

löschen einer IP

# pfctl -t fail2ban -T delete xxx.xxx.xxx.xxx

sperren einer ganzen class-B (hier hotmail.com)

# pfctl -t fail2ban -T add 65.55.0.0/16