Securing FreeBSD server with Fail2Ban and IPFW

I’ve been playing with a FreeBSD machine for a while now, and my primary server now runs FreeBSD :D
That is how I came across this problem: getting Fail2Ban to work with IPFW.

FreeBSD ships three different firewalls, so it is difficult for any upstream application to decide what kind of setup it should advocate; there is no one-size-fits-all answer. I read about the various firewalls, and since I wanted to stick with what FreeBSD itself provides, I decided to use IPFW.

Fail2ban is a very useful tool for preventing brute-force attacks against various system daemons. The best part is that it works on regular expressions (to spot failed logins in log files) and on user-configured commands for banning and unbanning IP addresses, so it can be wired up to any firewall.

IPFW has a lookup-table feature, which is what I use here. This is one of the IPFW rules in my firewall script:

This rule blocks all traffic from any IP address found in table number one.

Now, the Fail2Ban jail configuration, /usr/local/etc/fail2ban/jail.conf:

Go to /usr/local/etc/fail2ban/action.d and copy ipfw.conf to ipfw-ssh.conf.

Open ipfw-ssh.conf in your favorite text editor and modify the actionban and actionunban lines:

For the lazy, here’s a patch:

That’s it. Start your firewall and fail2ban.
Whenever fail2ban detects brute-force attempts, it adds the offending IP to table number one, which causes its connections to be blocked by our primary IPFW rule. The entry is deleted again once the bantime has expired.
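For reference, here is an assumed version of the two files described above, written as an added example rather than copied from the original post; the rule number (100), table number (1), jail name and log path are assumptions, and the `<ip>` placeholder is the tag fail2ban substitutes with the address being banned.

```ini
# /usr/local/etc/fail2ban/action.d/ipfw-ssh.conf  (assumed contents)
#
# The blocking rule itself lives in the firewall script, e.g.
#   ipfw add 100 deny ip from table(1) to any
# so fail2ban only has to add and remove table entries.
[Definition]

# Run when the jail starts: make sure table 1 exists (harmless if it does).
actionstart = ipfw -q table 1 create 2>/dev/null || true

# Run when the jail stops: drop any entries still in the table.
actionstop = ipfw -q table 1 flush

# Sanity check before ban/unban; a non-zero exit means the table is gone.
actioncheck = ipfw table 1 list >/dev/null

# <ip> is substituted by fail2ban with the address that tripped the filter.
actionban = ipfw -q table 1 add <ip>

# Called once bantime has expired for that address.
actionunban = ipfw -q table 1 delete <ip>

[Init]

# /usr/local/etc/fail2ban/jail.conf  (assumed jail section; the
# jail name, log path and timings are placeholders for this example)
[sshd-ipfw]
enabled  = true
filter   = sshd
action   = ipfw-ssh
logpath  = /var/log/auth.log
maxretry = 5
findtime = 600
bantime  = 3600
```

Check the result with `ipfw table 1 list` after a test ban: the address should appear while banned and disappear once bantime is over.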
