diff --git a/docs/content/config/security/fail2ban.md b/docs/content/config/security/fail2ban.md index 954b9bdb..fedcc64f 100644 --- a/docs/content/config/security/fail2ban.md +++ b/docs/content/config/security/fail2ban.md @@ -4,7 +4,7 @@ hide: - toc # Hide Table of Contents for this page --- -Fail2Ban is installed automatically and bans IP addresses for 3 hours after 3 failed attempts in 10 minutes by default. +Fail2Ban is installed automatically and bans IP addresses for 1 week after 2 failed attempts in a time frame of 1 week by default. ## Configuration files diff --git a/target/fail2ban/jail.local b/target/fail2ban/jail.local index 9611e7e0..96f1d4f5 100644 --- a/target/fail2ban/jail.local +++ b/target/fail2ban/jail.local @@ -1,14 +1,14 @@ [DEFAULT] # "bantime" is the number of seconds that a host is banned. -bantime = 3h +bantime = 1w # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. -findtime = 10m +findtime = 1w # "maxretry" is the number of failures before a host get banned. -maxretry = 3 +maxretry = 2 # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban # will not ban a host which matches an address in this list. Several addresses @@ -25,9 +25,14 @@ enabled = true [postfix] enabled = true +# See https://github.com/fail2ban/fail2ban/blob/27294c4b9ee5d5568a1d5f83af744ea39d5a1acb/config/filter.d/postfix.conf#L58 +# `mode=aggressive` basically combines more filters to match more lines, and hence, apply rules +# more aggressively. The same goes for the `postfix-sasl` jail. +mode = aggressive [postfix-sasl] enabled = true +mode = aggressive # This jail is used for manual bans. # To ban an IP address use: setup.sh fail2ban ban