Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
cat /etc/fail2ban/jail.local
The DEFAULT allows a global definition of the options. They can be overridden
in each jail afterwards.
[DEFAULT]
"ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
ban a host which matches an address in this list. Several addresses can be
defined using space separator.
ignoreip = 127.0.0.1/8
"bantime" is the number of seconds that a host is banned.
bantime = 600
A host is banned if it has generated "maxretry" during the last "findtime"
seconds.
findtime = 600
maxretry = 6
#
ACTIONS
#
banaction = iptables-multiport
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
actionmwl = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
sendmail-whois-lines[name=%(name)s, dest=optional@email.com, sender=ncp-fail2ban@ownyourbits.com]
action = %(action)s
#
SSH
#
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
#
HTTP servers
#
[nextcloud]
enabled = true
port = http,https
filter = nextcloud
logpath = /var/www/nextcloud/data/nextcloud.log
maxretry = 6
Add Comment
Please, Sign In to add comment