[ufw-probe] # We specify all ports since probing attacks are not limited to any one port. port = all # This should be specified in your jail.conf but we'll put it here just in case. # The localhost might have reasons to probe itself, so it should never be # blocked. ignoreip = 127.0.0.1/8 ::1 # By default, UFW logs to this location. Update as necessary to suit your # environment. logpath = /var/log/ufw.log # Although timeframes are set in the jail.local, you might want to independently # control them for this particular filter so it's more/less aggressive. maxretry = 5 findtime = 300 # Because this is a custom filter, we need to point F2B to our custom filter. If # you changed the name of that filter file, then update it here without the # '.conf' part. filter = ufw-probe enabled = true