Added fail2ban, though not sure its configured correctly yet

2025-07-05 01:09:37 +00:00 · 2023-03-09 22:11:28 +10:00
parent e959e54dc8
commit 700518a0a2
245 changed files with 9172 additions and 5 deletions
--- a/docker/rootfs/fail2ban/action.d/route.conf
+++ b/docker/rootfs/fail2ban/action.d/route.conf
@ -0,0 +1,30 @@
+## Version 2022/08/06
+# Fail2Ban configuration file
+#
+# Author: Michael Gebetsroither
+#
+# This is for blocking whole hosts through blackhole routes.
+#
+# PRO:
+#   - Works on all kernel versions and as no compatibility problems (back to debian lenny and WAY further).
+#   - It's FAST for very large numbers of blocked ips.
+#   - It's FAST because it Blocks traffic before it enters common iptables chains used for filtering.
+#   - It's per host, ideal as action against ssh password bruteforcing to block further attack attempts.
+#   - No additional software required beside iproute/iproute2
+#
+# CON:
+#   - Blocking is per IP and NOT per service, but ideal as action against ssh password bruteforcing hosts
+
+[Definition]
+actionban   = ip route add <blocktype> <ip>
+actionunban = ip route del <blocktype> <ip>
+actioncheck =
+actionstart =
+actionstop =
+
+[Init]
+
+# Option:  blocktype
+# Note:    Type can be blackhole, unreachable and prohibit. Unreachable and prohibit correspond to the ICMP reject messages.
+# Values:  STRING
+blocktype = unreachable