I don't know whether my configuration is OK or not.

# cat 00-firewalld.conf
# This file is part of the fail2ban-firewalld package to configure the use of
# the firewalld actions as the default actions.  You can remove this package
# (along with the empty fail2ban meta-package) if you do not use firewalld
[DEFAULT]
banaction = firewallcmd-rich-rules[actiontype=<multiport>]
banaction_allports = firewallcmd-rich-rules[actiontype=<allports>]


And:

[vsftpd]
enabled = true
action = firewallcmd-ipset
port = ftp,ftp-data,ftps,ftps-data
logpath = %(vsftpd_log)s
maxretry = 5
bantime = 86400

And:

[sshd]
enabled = true
port = ssh
action = firewallcmd-ipset
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400










On Thursday, August 27, 2020, 04:54:54 PM GMT+4:30, Yassine Chaouche <a.chaou...@algerian-radio.dz> wrote:

I can't talk for fedora, but on debian the jail.conf is the main configuration 
file that you should not touch. Your modifications should go to jail.local.

As for filter.d, it is a directory containing all the necessary regexes to 
parse the software log files in search of offending IPs. That too shouldn't be 
changed unless you have software that doesn't come with a fail2ban filter, or 
if you modify the standard output format of the logs of any software that 
fail2ban monitors. 


In summary, your changes should go to jail.local and should be as small as 
possible as Richard mentioned (only change what doesn't already come by 
default).


Good luck!


Yassine.


On 8/27/20 12:32 PM, Richard Shaw wrote:

On Tue, Aug 25, 2020 at 12:12 AM Jason Long <hack3r...@yahoo.com> wrote:

> Thank you.
> What is the role of "jail.conf" and "filter.d" ?
> Under the "filter.d" directory I see something like "vsftpd.conf" !!! Are 
> they the instruction for Fail2ban about how to ban?
> 




I would have to defer to others about that. My experience is limited to 
maintaining the package for Fedora/EPEL and setting up a SSH jail as that is 
the only port I leave open to the internet.




If I had to guess, I would think filter.d contains rules for how to scrape log 
files to find failed connection attempts. 




Thanks,

Richard 








_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
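
An added example (not from the thread and not fail2ban's own code) of what the replies describe: a filter regex picks the offending IP out of log lines, and the jail bans it once `maxretry` failures fall inside the find window. The regex is a simplified stand-in for the shipped sshd filter, the log lines are constructed, and `findtime = 600` is an assumed value that the posted jails do not set.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# maxretry and bantime come from the posted jails; findtime is assumed (600 s).
MAXRETRY, BANTIME, FINDTIME = 5, 86400, 600

# Simplified stand-in for a filter.d failregex (not the shipped sshd filter).
# Filters mark the offending address with <HOST>; here it is expanded to a
# plain IPv4 pattern.
FAILREGEX = r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from <HOST> port \d+"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

def parse_ts(line, year=2020):
    # Classic syslog timestamps carry no year, so one is supplied.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: ban time} for hosts with maxretry failures within findtime."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        m = PATTERN.search(line)
        if not m or m["host"] in bans:
            continue  # unmatched lines and already banned hosts are skipped
        ip, ts = m["host"], parse_ts(line)
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans

# Constructed sample log (documentation addresses from RFC 5737).
SAMPLE_LOG = [
    f"Aug 27 12:00:{s:02d} host sshd[4321]: Failed password for root from 203.0.113.7 port 50{s:02d} ssh2"
    for s in range(0, 50, 10)
] + [
    "Aug 27 12:01:00 host sshd[4400]: Accepted password for alice from 198.51.100.4 port 40000 ssh2",
    "Aug 27 12:02:00 host sshd[4410]: Failed password for invalid user test from 198.51.100.9 port 40100 ssh2",
]

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when} for {BANTIME}s")
```

To check a real filter against a real log, `fail2ban-regex <logfile> <filter>` reports which lines match.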
