Created custom jail: UFW-probe to catch port-probing.

This commit is contained in:
Asif Bacchus 2018-09-29 17:22:46 -06:00
parent f03c94c8eb
commit 3268998234
2 changed files with 56 additions and 0 deletions

31
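--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,31 @@
+{
+"cSpell.enabledLanguageIds": [
+"asciidoc",
+"c",
+"cpp",
+"csharp",
+"css",
+"go",
+"handlebars",
+"html",
+"jade",
+"javascript",
+"javascriptreact",
+"json",
+"latex",
+"less",
+"markdown",
+"php",
+"plaintext",
+"properties",
+"pub",
+"python",
+"restructuredtext",
+"rust",
+"scss",
+"text",
+"typescript",
+"typescriptreact",
+"yml"
+]
+}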


@ -0,0 +1,25 @@
[ufw-probe]
# We specify all ports since probing attacks are not limited to any one port.
port = all
# This should be specified in your jail.conf but we'll put it here just in case.
# The localhost might have reasons to probe itself, so it should never be
# blocked.
ignoreip = 127.0.0.1/8 ::1
# By default, UFW logs to this location. Update as necessary to suit your
# enviroment.
logpath = /var/log/ufw.log
# Although timeframes are set in the jail.local, you might want to independently
# control them for this particular filter so it's more/less aggressive.
maxretry = 5
findtime = 300
# Because this is a custom filter, we need to point F2B to our custom filter. If
# you changed the name of that filter file, then update it here without the
# '.conf' part.
filter = ufw-probe
enabled = true
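Review bot: The jail-level `ignoreip = 127.0.0.1/8 ::1` does not add to the `[DEFAULT]` whitelist, it replaces it for this jail, so any management or monitoring addresses whitelisted in jail.local lose their exemption for ufw-probe and can be banned on all ports — the opposite of what the "just in case" comment intends. Either drop the key here so the default applies, or repeat the full whitelist and change the comment to `# Overrides the DEFAULT ignoreip for this jail; list every address that must never be banned.`. `port = all` is only meaningful with an all-ports ban action (the ufw action ignores the port value; the stock iptables-multiport action does not accept `all` as a port list), so it is worth stating the expected `banaction` in a comment above it. The comment on the logpath key misspells "environment" as "enviroment".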