Na}{

File Content: `pf.conf`

# Fail2Ban configuration file
#
# OpenBSD pf ban/unban
#
# Author: Nick Hilliard <nick@foobar.org>
# Modified by: Alexander Koeppe making PF work seamless and with IPv4 and IPv6
# Modified by: Balazs Mateffy adding allproto option so all traffic gets blocked from the malicious source
#
#

[Definition]

# Option:  actionstart
# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values:  CMD
#
# we don't enable PF automatically; to enable run pfctl -e 
# or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD)
# also, these rulesets are loaded into (nested) anchors
# to enable them, add as wildcard:
#     anchor "f2b/*"
# or using jail names:
#     anchor f2b {
#        anchor name1
#        anchor name2
#        ...
#     }
# to your main pf ruleset, where "namei" are the names of the jails
# which invoke this action
# to block all protocols use the pf[protocol=all] option
actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f-
              port="<port>"; if [ "$port" != "" ] && case "$port" in \{*) false;; esac; then port="{$port}"; fi
              protocol="<protocol>"; if [ "$protocol" != "all" ]; then protocol="proto $protocol"; else protocol=all; fi
              echo "<block> $protocol from <<tablename>-<name>> to <actiontype>" | <pfctl> -f-

# Option:  start_on_demand - to start action on demand
# Example: `action=pf[actionstart_on_demand=true]`
actionstart_on_demand = false

# Option:  actionstop
# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
# Values:  CMD
#
# we only disable PF rules we've installed prior
actionstop = <pfctl> -sr 2>/dev/null | grep -v <tablename>-<name> | <pfctl> -f-
             %(actionflush)s
             <pfctl> -t <tablename>-<name> -T kill


# Option:  actionflush
# Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
# Values:  CMD
#
actionflush = <pfctl> -t <tablename>-<name> -T flush


# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck = <pfctl> -sr | grep -q <tablename>-<name>


# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time
# Values:  CMD
#
actionban = <pfctl> -t <tablename>-<name> -T add <ip>


# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time
# Values:  CMD
#
# note -r option used to remove matching rule
actionunban = <pfctl> -t <tablename>-<name> -T delete <ip>

# Option: pfctl
#
# Use anchor as jailname to manipulate affected rulesets only.
# If more parameter expected it can be extended with `pf[pfctl="<known/pfctl> ..."]`
# 
pfctl = pfctl -a f2b/<name>

[Init]
# Option:  tablename
# Notes.:  The pf table name.
# Values:  [ STRING ]
#
tablename = f2b

# Option: block
#
# The action you want pf to take.
# Probably, you want "block quick", but adjust as needed.
# If you want to log all blocked use "blog log quick"
block = block quick

# Option:  protocol
# Notes.:  internally used by config reader for interpolations.
# Values:  [ tcp | udp | icmp | ipv6-icmp ] Default: tcp
#
protocol = tcp

# Option: actiontype
# Notes.: defines additions to the blocking rule
# Values: leave empty to block all attempts from the host
# Default: Value of the multiport
actiontype = <multiport>

# Option: allports
# Notes.: default addition to block all ports
# Usage.: use in jail config: "banaction = pf[actiontype=<allports>]"
allports = any

# Option: multiport
# Notes.: addition to block access only to specific ports
# Usage.: use in jail config: "banaction = pf[actiontype=<multiport>]"
multiport = any port $port

Name	Size	Permission
abuseipdb.conf	3748 bytes	0644
apf.conf	587 bytes	0644
apprise.conf	1413 bytes	0644
blocklist_de.conf	2715 bytes	0644
bsd-ipfw.conf	3226 bytes	0644
cloudflare-token.conf	3072 bytes	0644
cloudflare.conf	3037 bytes	0644
complain.conf	4773 bytes	0644
dshield.conf	7684 bytes	0644
dummy.conf	1717 bytes	0644
firewallcmd-allports.conf	1501 bytes	0644
firewallcmd-common.conf	2649 bytes	0644
firewallcmd-ipset.conf	3928 bytes	0644
firewallcmd-multiport.conf	1270 bytes	0644
firewallcmd-new.conf	1898 bytes	0644
firewallcmd-rich-logging.conf	1021 bytes	0644
firewallcmd-rich-rules.conf	1753 bytes	0644
helpers-common.conf	592 bytes	0644
hostsdeny.conf	1657 bytes	0644
ipfilter.conf	1573 bytes	0644
ipfw.conf	1505 bytes	0644
iptables-allports.conf	291 bytes	0644
iptables-ipset-proto4.conf	2221 bytes	0644
iptables-ipset-proto6-allports.conf	814 bytes	0644
iptables-ipset-proto6.conf	773 bytes	0644
iptables-ipset.conf	2810 bytes	0644
iptables-multiport-log.conf	2163 bytes	0644
iptables-multiport.conf	232 bytes	0644
iptables-new.conf	332 bytes	0644
iptables-xt_recent-echo.conf	2842 bytes	0644
iptables.conf	4791 bytes	0644
ipthreat.conf	4291 bytes	0644
mail-buffered.conf	2495 bytes	0644
mail-whois-common.conf	1051 bytes	0644
mail-whois-lines.conf	2459 bytes	0644
mail-whois.conf	1890 bytes	0644
mail.conf	1757 bytes	0644
mikrotik.conf	2546 bytes	0644
mynetwatchman.conf	5321 bytes	0644
netscaler.conf	1493 bytes	0644
nftables-allports.conf	383 bytes	0644
nftables-multiport.conf	384 bytes	0644
nftables.conf	6317 bytes	0644
nginx-block-map.conf	4010 bytes	0644
npf.conf	1524 bytes	0644
nsupdate.conf	3234 bytes	0644
osx-afctl.conf	497 bytes	0644
osx-ipfw.conf	2302 bytes	0644
pf.conf	4082 bytes	0644
route.conf	1023 bytes	0644
sendmail-buffered.conf	2806 bytes	0644
sendmail-common.conf	1939 bytes	0644
sendmail-geoip-lines.conf	1761 bytes	0644
sendmail-whois-ipjailmatches.conf	1055 bytes	0644
sendmail-whois-ipmatches.conf	1036 bytes	0644
sendmail-whois-lines.conf	1299 bytes	0644
sendmail-whois-matches.conf	1000 bytes	0644
sendmail-whois.conf	950 bytes	0644
sendmail.conf	829 bytes	0644
shorewall-ipset-proto6.conf	3762 bytes	0644
shorewall.conf	2156 bytes	0644
smtp.py	6655 bytes	0644
symbiosis-blacklist-allports.conf	1503 bytes	0644
ufw.conf	2379 bytes	0644
xarf-login-attack.conf	6443 bytes	0644

File Content: pf.conf

File Content: `pf.conf`