- [ssh]
- # Jail for the SSH daemon: bans an address after 5 matches of the sshd filter
- # within 7200 s (2 h); the ban lasts 86400 s (24 h).
- # SSH is the management path, and no ignoreip is set in this file. Add trusted
- # admin addresses to ignoreip (here or in [DEFAULT]) to avoid locking yourself out.
- enabled = true
- port = 22
- # NOTE(review): "ssh" is not an IP protocol name. The action call below passes
- # protocol=all explicitly, so this key looks unused - confirm, and prefer tcp.
- protocol = ssh
- filter = sshd
- # NOTE(review): assumes sshd logs to this file; hosts that log only to the
- # journal need a different backend or path - confirm.
- logpath = /var/log/auth.log
- # iptables-allports blocks the banned address on every port, so the "port"
- # key above does not narrow the ban.
- action = iptables-allports[name=sshd, protocol=all]
- maxretry = 5
- findtime = 7200
- bantime = 86400
- [freeswitch]
- # Jail driven by the "freeswitch" filter over the FreeSWITCH log: bans after
- # 5 matches within 600 s; the ban lasts 3600 s (1 h).
- enabled = true
- # Port range 5060 through 5091 (range syntax).
- port = 5060:5091
- protocol = all
- filter = freeswitch
- logpath = /var/log/freeswitch/freeswitch.log
- # Alternative log location, kept for reference:
- #logpath = /usr/local/freeswitch/log/freeswitch.log
- # The ban is applied on all ports and all protocols for the offending address.
- action = iptables-allports[name=freeswitch, protocol=all]
- maxretry = 5
- findtime = 600
- bantime = 3600
- # Optional mail notification, left disabled because no SMTP server is installed.
- # The sender address was lost when this page was extracted. To enable it, move
- # the line directly under "action" as an indented continuation line.
- # sendmail-whois[name=FreeSwitch, dest=root, sender=<sender-address>]
- [freeswitch-ip]
- # Disabled jail. If enabled, a single match of the "freeswitch-ip" filter
- # within 30 s bans the address on all ports for 86400 s (24 h).
- # NOTE(review): the filter is not shown here. With maxretry = 1 one matching
- # log line is enough to ban, and SIP over UDP does not verify the source address.
- # Check the filter for false positives and put trunk/provider and admin
- # addresses in ignoreip before enabling.
- enabled = false
- port = 5060:5091
- protocol = all
- filter = freeswitch-ip
- logpath = /var/log/freeswitch/freeswitch.log
- # Alternative log location, kept for reference:
- #logpath = /usr/local/freeswitch/log/freeswitch.log
- action = iptables-allports[name=freeswitch-ip, protocol=all]
- maxretry = 1
- findtime = 30
- bantime = 86400
- [auth-challenge-ip]
- # Disabled jail. If enabled, a single match of the "auth-challenge-ip" filter
- # within 30 s bans the address on all ports for 86400 s (24 h).
- # NOTE(review): the filter is not shown here. A one-strike threshold on
- # challenge events can catch legitimate endpoints; verify what the filter
- # matches and allow-list known endpoints with ignoreip before enabling.
- enabled = false
- port = 5060:5091
- protocol = all
- filter = auth-challenge-ip
- logpath = /var/log/freeswitch/freeswitch.log
- # Alternative log location, kept for reference:
- #logpath = /usr/local/freeswitch/log/freeswitch.log
- action = iptables-allports[name=auth-challenge-ip, protocol=all]
- maxretry = 1
- findtime = 30
- bantime = 86400
- [sip-auth-challenge]
- # Bans after 50 matches of the "sip-auth-challenge" filter within 30 s;
- # the ban lasts 7200 s (2 h) and covers all ports.
- # NOTE(review): the threshold is presumably high because authentication
- # challenges also occur during normal registration - confirm against the
- # filter and observed traffic before lowering it.
- enabled = true
- port = 5060:5091
- protocol = all
- filter = sip-auth-challenge
- logpath = /var/log/freeswitch/freeswitch.log
- # Alternative log location, kept for reference:
- #logpath = /usr/local/freeswitch/log/freeswitch.log
- action = iptables-allports[name=sip-auth-challenge, protocol=all]
- maxretry = 50
- findtime = 30
- bantime = 7200
- [sip-auth-failure]
- # Bans after 3 matches of the "sip-auth-failure" filter within 30 s;
- # the ban lasts 7200 s (2 h) and covers all ports.
- # NOTE(review): a misconfigured phone retrying a wrong password can hit
- # 3 failures in 30 s; keep known office/provider addresses in ignoreip.
- enabled = true
- port = 5060:5091
- protocol = all
- filter = sip-auth-failure
- logpath = /var/log/freeswitch/freeswitch.log
- # Alternative log location, kept for reference:
- #logpath = /usr/local/freeswitch/log/freeswitch.log
- action = iptables-allports[name=sip-auth-failure, protocol=all]
- maxretry = 3
- findtime = 30
- bantime = 7200
- [fusionpbx-404]
- # Bans after 3 matches of the "fusionpbx-404" filter within 300 s;
- # the ban lasts 86400 s (24 h) and covers all ports.
- # This jail reads the FreeSWITCH log, not a web server log; the filter
- # definition is not shown here.
- enabled = true
- port = 5060:5091
- protocol = all
- filter = fusionpbx-404
- logpath = /var/log/freeswitch/freeswitch.log
- # Alternative log location, kept for reference:
- #logpath = /usr/local/freeswitch/log/freeswitch.log
- action = iptables-allports[name=fusionpbx-404, protocol=all]
- maxretry = 3
- findtime = 300
- bantime = 86400
- [fusionpbx]
- # Bans after 10 matches of the "fusionpbx" filter within 600 s;
- # the ban lasts 3600 s (1 h).
- enabled = true
- port = 80,443
- protocol = tcp
- filter = fusionpbx
- # NOTE(review): the filter reads auth.log, so the application presumably
- # reports failed logins through syslog's auth facility - confirm this file
- # exists and receives those entries.
- logpath = /var/log/auth.log
- # The action is called with protocol=all and blocks every port, so the ban
- # is wider than the tcp 80/443 scope declared above.
- action = iptables-allports[name=fusionpbx, protocol=all]
- # Optional mail notification, left disabled because no SMTP server is installed.
- # The sender address was lost when this page was extracted. To enable it,
- # indent the line so it continues the "action" value above.
- # sendmail-whois[name=fusionpbx, dest=root, sender=<sender-address>]
- maxretry = 10
- findtime = 600
- bantime = 3600
- [fusionpbx-mac]
- # Bans after 5 matches of the "fusionpbx-mac" filter within 300 s;
- # the ban lasts 86400 s (24 h). The filter definition is not shown here.
- enabled = true
- port = 80,443
- protocol = tcp
- filter = fusionpbx-mac
- # NOTE(review): assumes the matched events are written to the general
- # syslog file; confirm on hosts that log only to the journal.
- logpath = /var/log/syslog
- # The action is called with protocol=all and blocks every port, so the ban
- # is wider than the tcp 80/443 scope declared above.
- action = iptables-allports[name=fusionpbx-mac, protocol=all]
- # Optional mail notification, left disabled because no SMTP server is installed.
- # The sender address was lost when this page was extracted. To enable it,
- # indent the line so it continues the "action" value above.
- # sendmail-whois[name=fusionpbx-mac, dest=root, sender=<sender-address>]
- maxretry = 5
- findtime = 300
- bantime = 86400
- [nginx-404]
- # Bans after 120 matches of the "nginx-404" filter within 60 s;
- # the ban lasts 3600 s (1 h) and covers all ports.
- # NOTE(review): the ban is keyed on the address nginx logs. Users behind a
- # shared NAT count as one client, and behind a reverse proxy or CDN the
- # logged address may be the proxy itself - confirm the log records the real
- # client address.
- enabled = true
- port = 80,443
- protocol = tcp
- filter = nginx-404
- # Glob: every file in /var/log/nginx whose name matches access*.log is watched.
- logpath = /var/log/nginx/access*.log
- action = iptables-allports[name=nginx-404, protocol=all]
- bantime = 3600
- findtime = 60
- maxretry = 120
- [nginx-dos]
- # Based on apache-badbots but a simple IP check (any IP requesting more than
- # 240 pages in 60 seconds, or 4p/s average, is suspicious)
- # Disabled by default. If enabled, 240 matches within 60 s ban the address
- # on all ports for 86400 s (24 h).
- # NOTE(review): this is a pure request-rate threshold, so busy legitimate
- # clients (shared NAT, monitoring, API consumers) can trip it. List them in
- # ignoreip and confirm the log shows real client addresses before enabling.
- enabled = false
- port = 80,443
- protocol = tcp
- filter = nginx-dos
- # Glob: every file in /var/log/nginx whose name matches access*.log is watched.
- logpath = /var/log/nginx/access*.log
- action = iptables-allports[name=nginx-dos, protocol=all]
- findtime = 60
- bantime = 86400
- maxretry = 240