You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
143 lines
3.6 KiB
143 lines
3.6 KiB
[ssh]
|
|
enabled = true
|
|
port = 22
|
|
protocol = ssh
|
|
filter = sshd
|
|
logpath = /var/log/auth.log
|
|
action = iptables-allports[name=sshd, protocol=all]
|
|
maxretry = 6
|
|
findtime = 60
|
|
bantime = 86400
|
|
|
|
[freeswitch]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = freeswitch
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=freeswitch, protocol=all]
|
|
maxretry = 10
|
|
findtime = 60
|
|
bantime = 3600
|
|
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
|
|
|
[freeswitch-acl]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = freeswitch-acl
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=freeswitch-acl, protocol=all]
|
|
maxretry = 900
|
|
findtime = 60
|
|
bantime = 86400
|
|
|
|
[freeswitch-ip]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = freeswitch-ip
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=freeswitch-ip, protocol=all]
|
|
maxretry = 1
|
|
findtime = 60
|
|
bantime = 86400
|
|
|
|
[auth-challenge-ip]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = auth-challenge-ip
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=auth-challenge-ip, protocol=all]
|
|
maxretry = 1
|
|
findtime = 60
|
|
bantime = 86400
|
|
|
|
[sip-auth-challenge]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = sip-auth-challenge
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=sip-auth-challenge, protocol=all]
|
|
maxretry = 100
|
|
findtime = 60
|
|
bantime = 7200
|
|
|
|
[sip-auth-failure]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = sip-auth-failure
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=sip-auth-failure, protocol=all]
|
|
maxretry = 6
|
|
findtime = 60
|
|
bantime = 7200
|
|
|
|
[fusionpbx-404]
|
|
enabled = false
|
|
port = 5060:5091
|
|
protocol = all
|
|
filter = fusionpbx-404
|
|
logpath = /var/log/freeswitch/freeswitch.log
|
|
#logpath = /usr/local/freeswitch/log/freeswitch.log
|
|
action = iptables-allports[name=fusionpbx-404, protocol=all]
|
|
maxretry = 6
|
|
findtime = 60
|
|
bantime = 86400
|
|
|
|
[fusionpbx]
|
|
enabled = true
|
|
port = 80,443
|
|
protocol = tcp
|
|
filter = fusionpbx
|
|
logpath = /var/log/auth.log
|
|
action = iptables-allports[name=fusionpbx, protocol=all]
|
|
# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
|
maxretry = 20
|
|
findtime = 60
|
|
bantime = 3600
|
|
|
|
[fusionpbx-mac]
|
|
enabled = true
|
|
port = 80,443
|
|
protocol = tcp
|
|
filter = fusionpbx-mac
|
|
logpath = /var/log/syslog
|
|
action = iptables-allports[name=fusionpbx-mac, protocol=all]
|
|
# sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
|
|
maxretry = 10
|
|
findtime = 60
|
|
bantime = 86400
|
|
|
|
[nginx-404]
|
|
enabled = true
|
|
port = 80,443
|
|
protocol = tcp
|
|
filter = nginx-404
|
|
logpath = /var/log/nginx/access*.log
|
|
action = iptables-allports[name=nginx-404, protocol=all]
|
|
bantime = 3600
|
|
findtime = 60
|
|
maxretry = 300
|
|
|
|
[nginx-dos]
|
|
# Based on apache-badbots but a simple IP check (any IP requesting more than
|
|
# 300 pages in 60 seconds, or 5p/s average, is suspicious)
|
|
enabled = true
|
|
port = 80,443
|
|
protocol = tcp
|
|
filter = nginx-dos
|
|
logpath = /var/log/nginx/access*.log
|
|
action = iptables-allports[name=nginx-dos, protocol=all]
|
|
findtime = 60
|
|
bantime = 86400
|
|
maxretry = 800
|