Feed banned host from FreeBSD mailserver to pfsense? (fail2ban)



  • Is there any good way to get the banned hosts from my mail server blocked at the firewall already?

    Today I have a mail server on Linux, but I have set almost everything up on a FreeBSD installation, and the intention is to migrate to that, but not until I have set up fail2ban properly. That got me thinking that I actually don't want the blocked hosts on my LAN at all.

    So is there any good way to set this up?



  • My first thought would be to make the list of IPs available via something that pfBlockerNG can use…  an HTTP server on the Linux box serving up a plaintext list of offending IPs, for example.


  • You don't need pfBlocker for something like this.  Simply store the IPs in a list that pfSense can access, then use an alias pointing to that URL.

    https://doc.pfsense.org/index.php/Aliases#URL_Table_Aliases



  • I use OpenBGPD to send banned IPs from my FreeBSD/postfix mail server to an alias on pfSense.  Using postfix is pretty central to the way I'm doing this, though.

    Once I got fail2ban working and updating a local pf table, my thoughts about having them get past the front door were exactly the same.

    I also did the same for a friend and drew a picture to help explain it to him.  I'll see if I can find it.
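    The first three suggestions in this thread (serve a plaintext list from the mail server, point a pfSense URL Table alias at it, and feed that list from the pf table fail2ban maintains) fit together as one small cron job on the FreeBSD box. The script below is an added example, not code from any poster or from the fail2ban or pfSense projects. It assumes fail2ban's bundled pf action is keeping bans in a table called f2b-postfix and that a local web server serves /usr/local/www/banned.txt; both names are assumptions, as is the constructed sample of pfctl output used for the offline check. Python is a reasonable choice here because fail2ban itself needs it, so it is already on the mail server.

```python
#!/usr/bin/env python3
"""Export fail2ban's pf table to a plain-text list for a pfSense URL Table alias.

Added example (not the thread's or fail2ban's code). Run it from cron on the
FreeBSD mail server, serve OUT_PATH with any local web server, and point a
pfSense URL Table (IPs) alias at that URL. TABLE and OUT_PATH are assumptions.
"""
import ipaddress
import os
import subprocess
import tempfile
from typing import List, Sequence, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

TABLE = "f2b-postfix"                   # assumed: fail2ban pf action table for jail "postfix"
OUT_PATH = "/usr/local/www/banned.txt"  # assumed: document root of a local web server

# Never hand these to the firewall, whatever fail2ban decided: a LAN host that
# mistyped a password would otherwise be locked out at the perimeter, and the
# firewall's own addresses must never end up in a block list it enforces.
NEVER_EXPORT: List[Net] = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed sample of `pfctl -t f2b-postfix -T show` output for offline use.
SAMPLE_PFCTL_OUTPUT = (
    "   203.0.113.7\n"
    "   198.51.100.0/24\n"
    "   192.168.1.20\n"      # LAN host: must be filtered out
    "   203.0.113.7\n"       # duplicate: must be merged
    "   ! 203.0.113.9\n"     # negated entry: not a ban
    "   2001:db8::1\n"
    "   garbage\n"           # junk line: skipped
)


def parse_pf_table(text: str) -> List[Net]:
    """Parse pfctl table output: one address or CIDR per line, indented.
    Blank lines, negated entries ('!') and non-addresses are skipped."""
    nets: List[Net] = []
    for line in text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("!"):
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # junk never reaches the alias file
    return nets


def filter_for_export(nets: Sequence[Net],
                      protected: Sequence[Net] = NEVER_EXPORT) -> List[Net]:
    """Drop anything overlapping a protected range, then de-duplicate and
    merge adjacent blocks per address family (collapse_addresses is single-family)."""
    keep = [n for n in nets
            if not any(n.version == p.version and n.overlaps(p) for p in protected)]
    v4 = ipaddress.collapse_addresses([n for n in keep if n.version == 4])
    v6 = ipaddress.collapse_addresses([n for n in keep if n.version == 6])
    return list(v4) + list(v6)


def render_alias_file(nets: Sequence[Net]) -> str:
    """One entry per line; hosts are written as bare addresses, ranges as CIDR.
    No comments or headers, so nothing but entries reaches pfSense."""
    lines = []
    for n in nets:
        host = n.prefixlen == n.max_prefixlen
        lines.append(str(n.network_address) if host else str(n))
    return "\n".join(lines) + ("\n" if lines else "")


def write_atomically(path: str, content: str) -> None:
    """Temp file + rename, so pfSense never fetches a half-written list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".banned.")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(content)
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def export(table: str = TABLE, out_path: str = OUT_PATH) -> int:
    """Read the live pf table and write the alias file; returns the entry count."""
    shown = subprocess.run(["pfctl", "-t", table, "-T", "show"],
                           check=True, capture_output=True, text=True).stdout
    nets = filter_for_export(parse_pf_table(shown))
    write_atomically(out_path, render_alias_file(nets))
    return len(nets)


if __name__ == "__main__":
    print(f"exported {export()} entries to {OUT_PATH}")
```

    Two things to keep in mind when wiring this up. First, add the pfSense WAN and LAN addresses to NEVER_EXPORT before pointing a block rule at the alias; a list the firewall trusts blindly is exactly the place where a false positive hurts most. Second, pfSense fetches a URL Table alias on the schedule set in the alias, not every time the file changes, so a fresh ban reaches the firewall only at the next refresh; if you need faster propagation, that is where pfBlockerNG's own scheduler or the BGP approach earns its extra complexity.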



  • @biggsy:

    I use OpenBGPD to send banned IPs from my FreeBSD/postfix mail server to an alias on pfSense.  Using postfix is pretty central to the way I'm doing this, though.

    Once I got fail2ban working and updating a local pf table, my thoughts about having them get past the front door were exactly the same.

    I also did the same for a friend and drew a picture to help explain it to him.  I'll see if I can find it.

    That would be much appreciated!

    I'm really "new" to *nix, meaning I can follow guides on the Internet to set things up (and the more you do it, the more you understand), but I'm far from even a mediocre user.



  • The diagram was more for me to talk to while I tried to explain to my friend.  Not much useful content.

    Sent you a PM.