Date: Sat, 22 Jun 2019 15:07:38 -0400 From: Chris Gordon <freebsd@theory14.net> To: David Mehler <dave.mehler@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: mail server in jail, host pf, and fail2ban Message-ID: <EF2E0DD2-37EB-4690-A744-B2B29FADB92C@theory14.net> In-Reply-To: <CAPORhP7y5iprBZtaEczNkCP3j3VjiOiWea7se_M-aShzZe4ZoQ@mail.gmail.com> References: <CAPORhP7y5iprBZtaEczNkCP3j3VjiOiWea7se_M-aShzZe4ZoQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Assuming your jail host can see the files inside the jail -- = specifically the jail's /var/log/maillog -- you could run fail2ban on = the jail host where it has access to pf and simply point it to the = jail's /var/log/maillog. For example, assume your mail jail is named mailserver. (NOTE: I'm = using iocage to manage my jails so some of the path will be part of = iocage's standards.) On your jail host, in = /usr/local/etc/fail2ban/jail.local, you would use a stanza such as: [postfix-postscreen] enabled =3D yes port =3D smtp,456,submission logpath =3D /iocage/jails/mailserver/root/var/log/maillog backend =3D %(postfix_backend)s Chris * By "jail host" I mean the machine running the jails. > On Jun 22, 2019, at 11:50 AM, David Mehler <dave.mehler@gmail.com> = wrote: >=20 > Hello, >=20 > I've got a pf/fail2ban/jail/postscreen question. I'm running a mail > system in a FreeBSD jail, and on the host system i'm using the pf > firewall. What I'm getting are connections to my jail's postscreen > port 25, what i'd like to get done is to try to get those ips scanned > for on the host and banned by fail2ban and pf. >=20 > Suggestions welcome. > Thanks. > Dave. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EF2E0DD2-37EB-4690-A744-B2B29FADB92C>