Compare commits

...

4 Commits
v1.0 ... master

Author SHA1 Message Date
Asif Bacchus fe5a9cd3c7 fix(f2b) update port definition for 'all' 10 months ago
Asif Bacchus a9119bb4e3 refactor(git) ignore JetBrains settings 10 months ago
Asif Bacchus 610aa092e6 combine ignoreregex into single expression 3 years ago
Asif Bacchus aaab4e5eff ignore router multicast packets on LAN 3 years ago
  1. 5
      .gitignore
  2. 4
      etc/fail2ban/filter.d/ufw-probe.conf
  3. 2
      etc/fail2ban/jail.d/ufw-probe.conf

5
.gitignore vendored

@ -1,2 +1,3 @@
### Ignore .vscode settings
.vscode/*
### Ignore .IDE settings
.vscode
.idea

4
etc/fail2ban/filter.d/ufw-probe.conf

@ -3,10 +3,12 @@ failregex = .*\[UFW BLOCK\] IN=.* SRC=<HOST>
# ignore common multicast device discovery calls on LOCAL IPv4/IPv6 networks
# still ban non-local (WAN) calls to any associated ports
ignoreregex = SRC=(10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.|192\.168\.|fe\w*\:).* PROTO=UDP.* DPT=(1900|3702|5353|5355) LEN=\d*\s\s$
ignoreregex = SRC=(10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.|192\.168\.|fe\w*:).* DST=(static.ip.address.here|224\.0\.0\.*).* PROTO=(2|UDP)(\s+|.* DPT=(1900|3702|5353|5355) LEN=\d*\s+)$
# NOTES:
# Routers will often send packets to the multicast broadcast address (224.0.0.1)
# looking for multicast devices, this is safe to ignore on the LAN
# IPv6 link local is fe80::/10 (fe80::-febf:ffff...ffff), so only 'fe' will
# always match
# IPv4 private ranges are:
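Review bot: The `DST=(static.ip.address.here|224\.0\.0\.*)` group in what appears to be the new combined `ignoreregex` narrows the ignore rule more than the comment above it describes (the +/- markers are lost in this view, so the side is inferred from the commit message). SSDP and WS-Discovery (DPT 1900 and 3702) are normally sent to 239.255.255.250 and IPv6 discovery goes to ff02:: groups, so LAN devices that the earlier expression ignored can now be banned, even though `fe\w*:` sources are still listed. In addition, `\.*` quantifies the literal dot rather than matching a final octet, and the placeholder's dots are unescaped, so a substituted address would match any character in those positions. Consider `DST=(<your\.static\.ip>|224\.0\.0\.\d+|239\.255\.255\.250|ff02:\S*)` plus a comment telling the user to escape the dots when filling in the address. The hunk is shown truncated, so the remaining NOTES lines were not reviewed.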

2
etc/fail2ban/jail.d/ufw-probe.conf

@ -1,7 +1,7 @@
[ufw-probe]
# We specify all ports since probing attacks are not limited to any one port.
port = all
port = 0:65535
# This should be specified in your jail.conf but we'll put it here just in case.
# The localhost might have reasons to probe itself, so it should never be
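Review bot: `port = 0:65535` only takes effect through whichever ban action the jail uses, and the action and protocol settings are not visible in this hunk (the section is cut off after the comment about localhost). If the jail inherits fail2ban's default multiport action with `protocol = tcp`, a banned host is blocked on TCP only, while the filter also matches UDP probes. Since the comment states the intent is to cover every port, `banaction = %(banaction_allports)s` would express that directly and would not depend on the `port` value.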
