i need something like fail2ban do on linux on pfsense or backend servers
-
I have pfsense/haproxy, dovecot imap postfix smpt, apache and iis behind as backend servers ... I need some idea to block unsuccessful login attempts 3 or 5 more attempts like fail2ban on linux.
I need some documents to read some links any help is appreciated...
maybe this is not a question for pfsense, by the moment I googling and I will investigate
regards! -
Send your syslog records to a FreeBSD or OpenBSD server running Fail2ban and have it use openbgpd to send updates (IPs to block) back to pfSense.
I do this with postfix now. I don't know how you would deal with IIS logs though.
-
@biggsy said in i need something like fail2ban do on linux on pfsense or backend servers:
your syslog records to a FreeBSD
Thanks... Let me understand.
You tell me to send the syslog records of (dovecot/postfix/apache backend servers) to a freebsd server running Fail2ban and openbgpd at the same time to return the ip address to be blocked on pfsense/haproxy/openbgp frontend server Through a shared border gateway protocol between backend and fronend? It looks complicated for a small deployment but I will try and take into account that possible solution.
thanks and sorry my english -
I think you understood it very well.
There are other things that can be done, as well, once you're collecting your syslog records to a single server.
Happy to share what I have done.
-
Are the backend servers running any form of BSD, look here if they are:-
https://www.cyberciti.biz/faq/freebsd-openbsd-pf-stop-ftp-bruteforce-attacks/
-
@nogbadthebad said in i need something like fail2ban do on linux on pfsense or backend servers:
e the backend servers running any form of BSD, look here if they are:-
thanks for reply!