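# fail2ban jail configuration (jail.conf / jail.local layout).
# Per-jail keys override [DEFAULT]. Every "action" below lists a firewall
# action followed by sendmail-whois, so each ban also sends a mail with a
# whois lookup of the banned address.
# NOTE(review): a jail that sets no "filter =" key uses its own name as the
# filter name (filter.d/<jail>.conf). Many jails here (ssh-iptables,
# pure-ftpd, sendmail-reject, ...) set none; confirm a filter of exactly that
# name exists on this host, otherwise the jail fails to start.

[DEFAULT]
# Addresses that are never banned. The whole 192.168.1.0/24 LAN is exempt,
# so brute force coming from a compromised LAN host is never throttled.
ignoreip = 127.0.0.1/8 192.168.1.0/24
# Seconds an address stays banned. Was 20, which only forces an attacker to
# pause 20 s and also made the recidive jail below meaningless.
bantime = 600
# Window (seconds) in which maxretry failures trigger a ban. Was 20, so an
# attacker trying once every 10 s was never banned at all.
findtime = 600
maxretry = 3
backend = auto
destemail = backbone@backbone.ws
banaction = iptables-multiport
mta = sendmail
protocol = tcp

[ssh-iptables]
enabled = true
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=backbone@backbone.ws]
logpath = /var/log/messages

[ssh-ddos]
enabled = true
action = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH-DDOS, dest=backbone@backbone.ws]
logpath = /var/log/messages

[pure-ftpd]
enabled = true
action = iptables[name=pureftpd, port=ftp, protocol=tcp]
         sendmail-whois[name=Pure-FTPd, dest=backbone@backbone.ws]
# The dedicated pure-ftpd log is intentionally not used; failures are read
# from /var/log/messages instead.
# logpath = /var/log/pureftpd.log
logpath = /var/log/messages

[sendmail-auth]
enabled = true
action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
         sendmail-whois[name=Sendmail-Auth, dest=backbone@backbone.ws]
logpath = /var/log/mail.log

[sendmail-reject]
enabled = true
# The chain name was "sendmail-auth", the chain [sendmail-auth] already owns.
# Two jails sharing one iptables chain clash on start, and stopping either
# jail flushes the other's bans. Each jail needs its own chain name.
action = iptables-multiport[name=sendmail-reject, port="submission,465,smtp", protocol=tcp]
         sendmail-whois[name=Sendmail-Reject, dest=backbone@backbone.ws]
logpath = /var/log/mail.log

[nginx-http-auth]
enabled = true
action = iptables-multiport[name=nginx-http-auth,port="80,443"]
         sendmail-whois[name=Nginx-Http-Auth, dest=backbone@backbone.ws]
logpath = /var/log/nginx/error_log

[squid]
enabled = true
action = iptables-multiport[name=squid,port="80,443,8080"]
         sendmail-whois[name=Squid, dest=backbone@backbone.ws]
logpath = /var/log/squid/access.log

[postfix-tcpwrapper]
enabled = true
# The file was the stock placeholder /not/a/standard/path/hosts.deny, which
# nothing reads, so this jail "banned" without any effect. hostsdeny must
# write the file tcp_wrappers actually consults.
# NOTE(review): only effective if postfix is reached through a
# tcp_wrappers-aware path on this host -- confirm.
action = hostsdeny[file=/etc/hosts.deny]
         sendmail-whois[name=Postfix-TCPWrapper, dest=backbone@backbone.ws]
logpath = /var/log/mail.log

[php-url-fopen]
enabled = true
action = iptables-multiport[name=php-url-open, port="http,https"]
         sendmail-whois[name=PHP-URL-Fopen, dest=backbone@backbone.ws]
logpath = /var/log/lighttpd/access.log

[lighttpd-auth]
enabled = true
action = iptables-multiport[name=lighttpd-auth, port="http,https"]
         sendmail-whois[name=Lighttpd-Auth, dest=backbone@backbone.ws]
logpath = /var/log/lighttpd/error.log

[named-refused-tcp]
enabled = true
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
         sendmail-whois[name=Named, dest=backbone@backbone.ws]
logpath = /var/log/messages

[nsd]
enabled = true
action = iptables-multiport[name=nsd-tcp, port="domain", protocol=tcp]
         iptables-multiport[name=nsd-udp, port="domain", protocol=udp]
         sendmail-whois[name=Nsd, dest=backbone@backbone.ws]
logpath = /var/log/messages

[ejabberd-auth]
enabled = true
action = iptables[name=ejabberd, port=xmpp-client, protocol=tcp]
         sendmail-whois[name=Ejabberd-Auth, dest=backbone@backbone.ws]
logpath = /var/log/jabber/ejabberd.log

[recidive]
enabled = true
# Bans repeat offenders on all ports. It works by reading fail2ban's own
# log; the original had no logpath at all, so the jail could not start.
action = iptables-allports[name=recidive,protocol=all]
         sendmail-whois[name=Recidive, dest=backbone@backbone.ws]
logpath = /var/log/fail2ban.log
# One-week ban after 5 bans within a day. The short [DEFAULT] values would
# make "repeat ban within findtime" effectively impossible to observe.
bantime = 604800
findtime = 86400
maxretry = 5

[exim]
enabled = true
action = iptables-multiport[name=exim,port="25,465,587"]
         sendmail-whois[name=Exim, dest=backbone@backbone.ws]
logpath = /var/log/exim/exim_main.log

[exim-spam]
enabled = true
action = iptables-multiport[name=exim-spam,port="25,465,587"]
         sendmail-whois[name=Exim-Spam, dest=backbone@backbone.ws]
logpath = /var/log/exim/exim_main.log

[perdition]
enabled = true
action = iptables-multiport[name=perdition,port="110,143,993,995"]
         sendmail-whois[name=Perdition, dest=backbone@backbone.ws]
logpath = /var/log/mail.log

[dovecot]
enabled = true
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
         sendmail-whois[name=Dovecot, dest=backbone@backbone.ws]
logpath = /var/log/mail.log

[dovecot-auth]
enabled = true
action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
         sendmail-whois[name=Dovecot-Auth, dest=backbone@backbone.ws]
logpath = /var/log/dovecot.log

[solid-pop3d]
enabled = true
action = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
         sendmail-whois[name=Solid-POP3d, dest=backbone@backbone.ws]
logpath = /var/log/mail.log

[ssh-blocklist]
enabled = true
# The chain name was "SSH", the chain [ssh-iptables] already owns; two jails
# on one chain clash on start and stopping either flushes the other's bans.
action = iptables[name=SSH-Blocklist, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH-Blocklist, dest=backbone@backbone.ws]
logpath = /var/log/messages

# Kolan: Additional filters/rules

[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name=nginx-auth, port="http,https", protocol=tcp]
         sendmail-whois[name=Nginx-Auth, dest=backbone@backbone.ws]
logpath = /var/log/nginx/localhost.error_log
bantime = 3600
maxretry = 3

[nginx-login]
enabled = true
filter = nginx-login
action = iptables-multiport[name=nginx-login, port="http,https", protocol=tcp]
         sendmail-whois[name=Nginx-Login, dest=backbone@backbone.ws]
# glob: every nginx access log under /var/log/nginx*
logpath = /var/log/nginx*/*access*log
bantime = 600
maxretry = 6

[nginx-badbots]
enabled = true
# Reuses the apache-badbots filter against nginx access logs.
# NOTE(review): that filter expects the combined log format -- confirm
# nginx writes it here, otherwise nothing ever matches.
filter = apache-badbots
action = iptables-multiport[name=nginx-badbots, port="http,https", protocol=tcp]
         sendmail-whois[name=Nginx-BadBots, dest=backbone@backbone.ws]
logpath = /var/log/nginx*/*access*log
# one-day ban on the first matching request
bantime = 86400
maxretry = 1

[nginx-noscript]
enabled = true
filter = nginx-noscript
action = iptables-multiport[name=nginx-noscript, port="http,https", protocol=tcp]
         sendmail-whois[name=Nginx-Noscript, dest=backbone@backbone.ws]
logpath = /var/log/nginx*/*access*log
maxretry = 6
bantime = 86400

[nginx-proxy]
enabled = true
filter = nginx-proxy
action = iptables-multiport[name=nginx-proxy, port="http,https", protocol=tcp]
         sendmail-whois[name=Nginx-Proxy, dest=backbone@backbone.ws]
logpath = /var/log/nginx*/*access*log
# maxretry = 0 bans on the very first matching request; only ignoreip
# protects the LAN from a false positive here
maxretry = 0
bantime = 86400

[lighttpd-fastcgi]
enabled = true
port = http,https
filter = lighttpd-fastcgi
action = iptables-multiport[name=lighttpd-fastcgi, port="http,https", protocol=tcp]
         sendmail-whois[name=Lighttpd-FastCGI, dest=backbone@backbone.ws]
logpath = /var/log/lighttpd/error.log
maxretry = 2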