robetus · March 20, 2017 01:40
diff --git a/20-3proxy.conf b/20-3proxy.conf
 # /etc/fail2ban/jail.d/20-3proxy.conf
 [3proxy]
 enabled = true
 filter  = 3proxy
 action  = iptables[name=3proxy, port=3128, protocol=tcp]
 logpath = /var/log/3proxy/3proxy.log*
 maxretry = 3
 bantime  = 3600 ; 1 hour
 findtime = 3600 ; 1 hour
diff --git a/3proxy.cfg b/3proxy.cfg
 # you can set your naming servers here
 # but you better set them in the /etc/resolv.conf file, so that your 3proxy.cfg file can be shared
 #nserver 8.8.8.8
 #nserver 8.8.4.4

 nscache 65536
 timeouts 1 5 30 60 180 1800 15 60

 daemon

 # users with password are listed in a separated file (mode should be 600, filename is prefix with a $)
 users $/etc/3proxy/.proxyauth

 # for privacy, we can log to /dev/null
 #log /dev/null

 # but in order to use fail2ban, we should use a log file
 # so we better use a frequently rotating log file
 log /var/log/3proxy/3proxy.log H

 # default logformat should be used to work with fail2ban
 #logformat "- +_L%t.%.  %N.%p %E %U %C:%c %R:%r %O %I %h %T"

 # don'k archive logs for privacy
 #archiver gz /usr/bin/gzip %F

 # don't keep logs for privacy
 rotate 1

 # put the actual external IP here (don't use 0.0.0.0, it works but it's less secure)
 external 0.0.0.0

 # proxy with username/password authentication type
 auth strong
 # We want to protect internal interface
 deny * * 127.0.0.1
 deny * * 0.0.0.0
 allow * * * 80-88,8080-8088 HTTP
 allow * * * 443,8443 HTTPS

 # Sets the proxy on port 3128 with high anonymous flag -a to remove the X-Forwarded-For header
 proxy -a -p3128
 # or use flag -a1 to set the X-Forwarded-For header with fake IP addresses
 #proxy -a1 -p3128

 maxconn 64

 #socks
 flush
	# /etc/fail2ban/jail.d/20-3proxy.conf
	[3proxy]
	enabled = true
	filter = 3proxy
	action = iptables[name=3proxy, port=3128, protocol=tcp]
	logpath = /var/log/3proxy/3proxy.log*
	maxretry = 3
	bantime = 3600 ; 1 hour
	findtime = 3600 ; 1 hour
	# you can set your naming servers here
	# but you better set them in the /etc/resolv.conf file, so that your 3proxy.cfg file can be shared
	#nserver 8.8.8.8
	#nserver 8.8.4.4

	nscache 65536
	timeouts 1 5 30 60 180 1800 15 60

	daemon

	# users with password are listed in a separated file (mode should be 600, filename is prefix with a $)
	users $/etc/3proxy/.proxyauth

	# for privacy, we can log to /dev/null
	#log /dev/null

	# but in order to use fail2ban, we should use a log file
	# so we better use a frequently rotating log file
	log /var/log/3proxy/3proxy.log H

	# default logformat should be used to work with fail2ban
	#logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"

	# don'k archive logs for privacy
	#archiver gz /usr/bin/gzip %F

	# don't keep logs for privacy
	rotate 1

	# put the actual external IP here (don't use 0.0.0.0, it works but it's less secure)
	external 0.0.0.0

	# proxy with username/password authentication type
	auth strong
	# We want to protect internal interface
	deny * * 127.0.0.1
	deny * * 0.0.0.0
	allow * * * 80-88,8080-8088 HTTP
	allow * * * 443,8443 HTTPS

	# Sets the proxy on port 3128 with high anonymous flag -a to remove the X-Forwarded-For header
	proxy -a -p3128
	# or use flag -a1 to set the X-Forwarded-For header with fake IP addresses
	#proxy -a1 -p3128

	maxconn 64

	#socks
	flush