change F2B configs: made config more aggressive (#3243)

2023-04-11 20:28:43 +02:00 · 2023-04-11 20:28:43 +02:00 · 1076aac37d
parent de19c6bd36
commit 1076aac37d
2 changed files with 9 additions and 4 deletions
--- a/docs/content/config/security/fail2ban.md
+++ b/docs/content/config/security/fail2ban.md
@ -4,7 +4,7 @@ hide:
  - toc # Hide Table of Contents for this page
 ---

-Fail2Ban is installed automatically and bans IP addresses for 3 hours after 3 failed attempts in 10 minutes by default.
+Fail2Ban is installed automatically and bans IP addresses for 1 week after 2 failed attempts in a time frame of 1 week by default.

 ## Configuration files

--- a/target/fail2ban/jail.local
+++ b/target/fail2ban/jail.local
@ -1,14 +1,14 @@
 [DEFAULT]

 # "bantime" is the number of seconds that a host is banned.
-bantime = 3h
+bantime = 1w

 # A host is banned if it has generated "maxretry" during the last "findtime"
 # seconds.
-findtime = 10m
+findtime = 1w

 # "maxretry" is the number of failures before a host get banned.
-maxretry = 3
+maxretry = 2

 # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
 # will not ban a host which matches an address in this list. Several addresses
@ -25,9 +25,14 @@ enabled = true

 [postfix]
 enabled = true
+# See https://github.com/fail2ban/fail2ban/blob/27294c4b9ee5d5568a1d5f83af744ea39d5a1acb/config/filter.d/postfix.conf#L58
+# `mode=aggressive` basically combines more filters to match more lines, and hence, apply rules
+# more aggressively. The same goes for the `postfix-sasl` jail.
+mode = aggressive

 [postfix-sasl]
 enabled = true
+mode = aggressive

 # This jail is used for manual bans.
 # To ban an IP address use: setup.sh fail2ban ban <IP>