Created custom jail: UFW-probe to catch port-probing.
This commit is contained in:
Asif Bacchus
@@ -0,0 +1,25 @@
|
||||
[ufw-probe]
|
||||
|
||||
# We specify all ports since probing attacks are not limited to any one port.
|
||||
port = all
|
||||
|
||||
# This should be specified in your jail.conf but we'll put it here just in case.
|
||||
# The localhost might have reasons to probe itself, so it should never be
|
||||
# blocked.
|
||||
ignoreip = 127.0.0.1/8 ::1
|
||||
|
||||
# By default, UFW logs to this location. Update as necessary to suit your
|
||||
# enviroment.
|
||||
logpath = /var/log/ufw.log
|
||||
|
||||
# Although timeframes are set in the jail.local, you might want to independently
|
||||
# control them for this particular filter so it's more/less aggressive.
|
||||
maxretry = 5
|
||||
findtime = 300
|
||||
|
||||
# Because this is a custom filter, we need to point F2B to our custom filter. If
|
||||
# you changed the name of that filter file, then update it here without the
|
||||
# '.conf' part.
|
||||
filter = ufw-probe
|
||||
|
||||
enabled = true
|
||||
Reference in New Issue
Block a user