
ddos.conf

Verfasst: Mo 11. Apr 2016, 19:28
von THE-AB
System:
Debian Jessie
Fail2Ban v0.8.13


Nov 16 01:48:22 server kernel: [102787.380151] UDP: short packet: From 44.136.252.55:7565 3620/1480 to 64.172.184.46:4431
Nov 16 01:48:22 server kernel: [102787.490086] UDP: short packet: From 44.136.252.55:7565 3901/1480 to 64.172.184.46:4431
Nov 16 01:51:34 server kernel: [102979.315643] UDP: short packet: From 37.126.188.47:7565 3764/1480 to 64.172.184.46:4431
Nov 16 01:51:34 server kernel: [102979.425152] UDP: short packet: From 37.126.188.47:7565 3737/1480 to 64.172.184.46:4431 
/etc/fail2ban/jail.conf


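# Jail that bans the source address reported in the kernel's
# "UDP: short packet" messages in kern.log.
# NOTE(review): a UDP source address is not confirmed by any handshake, so the
# address in these log lines can be forged and a sender can get an arbitrary
# address banned. Make sure ignoreip (in [DEFAULT] or in this jail) covers your
# own addresses and any others that must stay reachable.
# NOTE(review): the ban is applied on this host after the packets have already
# arrived; it does not reduce the inbound traffic on the link.
[ddos]
enabled = true
filter = ddos
logpath = /var/log/kern.log
# findtime and bantime are not set here and fall back to [DEFAULT].
maxretry = 2
# iptables-allports blocks all ports for the banned address, limited to the
# protocol given below.
banaction = iptables-allports
protocol = udp
# The original listed "port" twice (all, then anyport). Duplicate keys are
# resolved differently by different parsers, or rejected, so only the later
# value is kept. iptables-allports does not use the port value.
port = anyport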
/etc/fail2ban/filter.d/ddos.conf


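# Fail2Ban configuration file
#
# Filter for the kernel message
#   UDP: short packet: From <addr>:<port> <len>/<len> to <addr>:<port>
# as written to kern.log.
#
[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

# Option:  failregex
# Notes.:  Auto block short UDP. The pattern is tied to the "kernel:" tag and
#          runs to the end of the line, so the phrase appearing inside some
#          other logged message does not produce a match. The bracketed
#          uptime stamp after "kernel:" is optional.
# NOTE(review): the captured address is a UDP source address and can be
#          forged; use this filter only together with an ignoreip list that
#          protects addresses which must never be banned.
# Values:  TEXT
#
failregex = kernel:(?: \[\s*\d+\.\d+\])? UDP: short packet: From <HOST>:\d+ \d+/\d+ to \S+:\d+\s*$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =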