Last active
August 29, 2015 14:10
-
-
Save shimondoodkin/a0b8021e3615017eba5e to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt-get install fail2ban | |
| apt-get install iptables-persistent | |
| apt-get install ufw | |
| ufw default deny incoming | |
| ufw default allow outgoing | |
| ufw allow ssh/tcp | |
| ufw allow www | |
| ufw allow smtp | |
| ufw allow pop3 | |
| ufw enable | |
| ufw status verbose | |
| echo "#""!""/bin/sh">/etc/ipfw | |
| echo "ufw allow from \`echo \$SSH_CONNECTION|awk '{ print \$1 }'\`">>/etc/ipfw | |
| chmod +x /etc/ipfw | |
| create files: | |
| /etc/fail2ban/action.d/ufw-ssh.conf | |
| [Definition] | |
| actionstart = | |
| actionstop = | |
| actioncheck = | |
| actionban = ufw insert 1 deny from <ip> to any app OpenSSH | |
| actionunban = ufw delete deny from <ip> to any app OpenSSH | |
| /etc/fail2ban/jail.local | |
| [ssh] | |
| banaction = ufw-ssh | |
| more on fail2ban with ufw | |
| https://web.archive.org/web/20131219153659/http://blog.vigilcode.com/2011/05/ufw-with-fail2ban-quick-secure-setup-part-ii/ | |
| http://johnny.chadda.se/article/using-fail2ban-with-nginx-and-ufw/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment