[INCLUDES]before = paths-arch.conf[DEFAULT]# ignorecommand = /path

1.  
2. [INCLUDES]
3.  
4. before = paths-arch.conf
5.  
6. [DEFAULT]
7.  
8. # ignorecommand = /path/to/command <ip>
9. ignorecommand =
10.  
11. # "bantime" is the number of seconds that a host is banned.
12. bantime = 10m
13.  
14. # A host is banned if it has generated "maxretry" during the last "findtime"
15. # seconds.
16. findtime = 10m
17.  
18. # "maxretry" is the number of failures before a host get banned.
19. maxretry = 3
20.  
21. # "maxmatches" is the number of matches stored in ticket (resolvable via tag <matches> in actions).
22. maxmatches = %(maxretry)s
23.  
24. backend = auto
25. usedns = warn
26. logencoding = auto
27. enabled = false
28. mode = normal
29.  
30. filter = %(__name__)s[mode=%(mode)s]
31.  
32.  
33. #
34. # ACTIONS
35. #
36.  
37. destemail = [email protected]
38. sender = [email protected]
39.  
40. mta = mail
41. protocol = tcp
42. chain = <known/chain>
43. port = 0:65535
44.  
45. fail2ban_agent = Fail2Ban/%(fail2ban_version)s
46.  
47. #
48. # Action shortcuts. To be used to define action parameter
49.  
50. banaction = iptables-multiport
51. banaction_allports = iptables-allports
52.  
53. # The simplest action to take: ban only
54. action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
55.  
56. # custom action
57. action_cust = %(action_)s
58. mail-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
59.  
60. action = %(action_)s
61.  
62.  
63. #
64. # JAILS
65. #
66.  
67. [sshd]
68.  
69. # To use more aggressive sshd modes set filter parameter "mode" in jail.local:
70. # normal (default), ddos, extra or aggressive (combines all).
71. # See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
72. #mode = normal
73. enabled = true
74. port = 31222
75. logpath = %(sshd_log)s
76. backend = %(sshd_backend)s
77. action = %(action_cust)s
78.