06. jail.local
Asif Bacchus edited this page 2019-05-21 07:16:35 -06:00

Customizations: jail.local

As with all F2B settings, you should always work with the .local files so that package updates do not overwrite your custom settings. This repo sets the options below, and they are the minimum I suggest you review on any new setup.

This file customizes the defaults applied to all jail configurations used by F2B. This sets things like the default amount of time a system is banned, what actions should be used for banning systems and whether or not you get email notifications, etc.

ignoreip

This setting tells F2B which IP addresses/ranges/hostnames should never be banned. In general, this should be localhost only. However, if you administer the server remotely from a particular machine, you might also want to exempt it from any possible bans. You can specify more than one entry by separating them with a space or comma. In this case, I've added the IPv4 and IPv6 definitions for localhost.

ignoreip = 127.0.0.1/8 ::1

A note about the local subnet

It's often touted that the local subnet should be included in the ignore list so that if your system is providing something like file sharing or media serving, your LAN machines are never banned. I do NOT do this and you'll see later that I've actually set up the filter to prevent the need for this in most home/SOHO cases. I suggest you think about whether or not exempting your LAN is a good idea. Certainly there are cases where it's necessary, but remember that your LAN can be a very common attack vector on server systems. This is because workstation computers are often not used by tech-savvy users and get compromised much more often than a server. By not having them subject to banning, malicious software on workstations can constantly hammer your server from within the LAN and end up doing more damage than external systems, which are subject to firewalls and IP banning. Food for thought...

Timeframes

You should customize the relevant timeframes to your requirements and this will likely take a little experimentation. F2B checks for a system making 'maxretry' failed attempts to connect or login within 'findtime' seconds and, if that happens, bans the system for 'bantime' seconds.

I like using settings as below which state, "ban any system for 30 minutes that makes 5 invalid connection attempts within a 5 minute period".

bantime = 1800
maxretry = 5
findtime = 300

Some people find this too aggressive and prefer settings such as 10 attempts in 20 minutes, for example, which would look like:

bantime = 1800
maxretry = 10
findtime = 1200

Again, this will be up to you to determine what is appropriate for your environment and users. Remember that individual jails can override these defaults.
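To see how the ignoreip and timeframe settings above interact, here is an added Python simulation (not fail2ban's own code) of the sliding-window ban decision, run over constructed failed-login events; the IP addresses and timestamps are made up, and the settings mirror the two jail.local variants shown above.

```python
"""Model how fail2ban applies ignoreip, maxretry, findtime and bantime."""
import ipaddress
from collections import defaultdict, deque


def parse_ignoreip(value):
    """ignoreip entries are space- or comma-separated IPs or CIDR ranges."""
    return [ipaddress.ip_network(entry, strict=False)
            for entry in value.replace(",", " ").split()]


def is_ignored(ip, ignore_nets):
    """True if the address falls inside any ignoreip network (v4 or v6)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ignore_nets)


def simulate(events, *, ignoreip="127.0.0.1/8 ::1",
             maxretry=5, findtime=300, bantime=1800):
    """events: (timestamp_seconds, ip) failed attempts in time order.
    Returns {ip: [ban start times]} for every ban that would be issued."""
    ignore_nets = parse_ignoreip(ignoreip)
    recent = defaultdict(deque)   # ip -> failure timestamps inside findtime
    banned_until = {}             # ip -> when the current ban expires
    bans = defaultdict(list)
    for ts, ip in events:
        if is_ignored(ip, ignore_nets):
            continue              # never counted, never banned
        if banned_until.get(ip, -1) > ts:
            continue              # still banned; firewall drops the packet
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()      # drop failures older than findtime
        if len(window) >= maxretry:
            bans[ip].append(ts)
            banned_until[ip] = ts + bantime
            window.clear()
    return dict(bans)


# Constructed sample: one host fails every 40 s, another every 2 min,
# and localhost fails repeatedly but is exempt via ignoreip.
EVENTS = sorted(
    [(t, "203.0.113.7") for t in range(0, 200, 40)]      # 5 failures in 160 s
    + [(t, "198.51.100.9") for t in range(0, 600, 120)]  # 5 failures over 480 s
    + [(t, "127.0.0.5") for t in range(0, 200, 40)]
)

if __name__ == "__main__":
    print("5 in 300 s:", simulate(EVENTS))
    print("10 in 1200 s:", simulate(EVENTS, maxretry=10, findtime=1200))
```

With the 5/300 settings only 203.0.113.7 is banned (at t=160); the slower host never has five failures inside one findtime window, and the 10/1200 settings ban nobody.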

Actions

Notification options

If you choose actions that involve sending email notifications, you need to let F2B know where to send those emails and who should send them. It's pretty straightforward, so this is the general setup:

destemail = account@domain.tld
sender = thismachine@domain.tld
mta = sendmail

The 'mta' field is very likely correct for your system but, if you are using a different MTA, you'll want to specify that here.

NOTE: If you want a simple way to have your server send notifications via email without setting up a full MTA, check out my article here on using msmtp and get it up and running in about 5 minutes!

Shortcuts

This is where you tell F2B exactly what to do when it finds a reason to ban a system based on the jail configuration. Again, individual jails can override these settings. The settings are defined backwards (IMHO) in this file, so I'll take a second to explain.

'action' is performed each time a system should be banned. There are several predefined actions listed in the jail.conf file which you can use and are often sufficient for most setups. Read the comments in that file to understand what each predefined action does. In my case, I like getting an email along with a few lines from the log telling me what they did to get banned.

Within 'action' is 'banaction' which is a link over to a specific configuration file telling F2B what to do on the system to enforce the ban. In this setup, we direct F2B to look at the ufw.conf file to see how to modify UFW's rules so it drops packets from the offending system. Details here.

The general setup as described above is as follows:

banaction = ufw
action = %(action_mwl)s

Other settings

There are many other options you can configure, but the defaults are pretty good in nearly all cases. That's why I only change these settings. Review the comments in the jail.conf file for details on all settings.