blob: 5b77b5ba98ac2eab44dfeee2848e67a06e6272b9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
[DEFAULT]
# For 'banaction' you can use any action defined in /etc/fail2ban/action.d/
# including things like iptables, iptables-ipset, nftables-*, ...
banaction = hostsdeny
banaction_allports = hostsdeny
# Blocking decision making is fully logged in /var/log/fail2ban.log
# Current blocking can be viewed with:
# fail2ban-client status
# fail2ban-client status [service]
# You can unban IPs with
# fail2ban-client unban <ip>...
#
# Or unban just for one service/jail
# fail2ban-client set <jail> unban <ip>
# Go away for a long time
bantime = 34d
# DEBUGGING
# You can debug fail2ban behavior by running it in the foreground with
# client debug and server debug logging:
# fail2ban-client -vvvvvvvvvv --loglevel DEBUG -f -x start
# In another terminal:
# tail -F /var/log/fail2ban.log
#
# It helps to delete the persistent save db before fail2ban is started
# in debug mode too:
# rm /var/lib/fail2ban/fail2ban.sqlite3
# And we're always watching
# If you're testing/debugging your auth and failing your own logins
# either by mistake or intentionally, you'll want to either decrease
# the findtime, decrease the bantime, increase the maxretry time,
# or just disable fail2ban for [findtime] after your testing.
findtime = 6h
# Quick and done
maxretry = 5
[sshd]
# Disable sshd since we don't have public ssh access to these servers
enabled = false
[postfix]
enabled = true
mode = aggressive
findtime = 7d # watch out for bad long-term trickle tricksters
[postfix-rspamd]
enabled = true
findtime = 7d
maxretry = 3
[dovecot]
enabled = true
|
