change F2B configs: made config more aggressive #3243

Merged: georglauterbach merged 6 commits into master from fail2ban/change-defaults, Apr 11, 2023

@georglauterbach
Member

georglauterbach commented Apr 10, 2023

Description

Adjust F2B config. Made Postfix & Postfix-SASL more aggressive (switched mode to aggressive). Also increased bantime & findtime and reduced maxretries, as proposed in #3178.

I have been running a configuration that is even more aggressive on my personal instance, and never had any problems. I believe this change to be worthwhile and justified :)

Fixes #3178

Type of change

  • Improvement (non-breaking change that does improve existing functionality)

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (README.md or the documentation under docs/)
  • If necessary I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

georglauterbach enabled auto-merge (squash) April 10, 2023 21:40
@georglauterbach
Member Author

ATTENTION: Auto-Merge is enabled :)

@casperklein
Member

LGTM 👍 Just two things:

For completeness and documentation: could you explain/give an example, what adding mode=aggressive does (on top) compared to not using it. "Being more aggressive" is a bit vague.

In the linked issue you mentioned a dedicated Postscreen jail. Does mode=aggressive already handle that or was there another reason you omitted it?

PS: IMO findtime could also be 1w.

@georglauterbach
Member Author

> For completeness and documentation: could you explain/give an example, what adding mode=aggressive does (on top) compared to not using it. "Being more aggressive" is a bit vague.

Does that help: https://github.com/fail2ban/fail2ban/blob/27294c4b9ee5d5568a1d5f83af744ea39d5a1acb/config/filter.d/postfix.conf#L58? It basically matches more lines. Do you want to add this to the file too?

> In the linked issue you mentioned a dedicated Postscreen jail. Does mode=aggressive already handle that or was there another reason you omitted it?

Yes: mode=aggressive already handles that.

> PS: IMO findtime could also be 1w.

I took d because it's consistent with findtime 😂

@casperklein
Member

> Does that help: fail2ban/fail2ban@27294c4/config/filter.d/postfix.conf#L58? It basically matches more lines. Do you want to add this to the file too?

Doesn't hurt I think 👍

> > PS: IMO findtime could also be 1w.

> I took d because it's consistent with findtime 😂

You misunderstood. I meant 7d or 1w. Currently it's 1d.

@georglauterbach
Member Author

georglauterbach commented Apr 11, 2023

> > Does that help: fail2ban/fail2ban@27294c4/config/filter.d/postfix.conf#L58? It basically matches more lines. Do you want to add this to the file too?

> Doesn't hurt I think 👍

👍🏼

> > > PS: IMO findtime could also be 1w.

> > I took d because it's consistent with findtime 😂

> You misunderstood. I meant 7d or 1w. Currently it's 1d.

Oh, I see :D I will adjust the PR.

EDIT: Done.

@github-actions
Contributor

Documentation preview for this PR is ready! 🎉

Built with commit: f79d4fb


Labels

  • area/configuration (file)
  • kind/improvement (Improve an existing feature, configuration file or the documentation)
  • service/security/fail2ban

Development

Successfully merging this pull request may close these issues.

[FR] Postscreen attack vectors should be banned by F2B in the default config