As I mentioned in other pages, it's a good ideea to slow down the brute force attackers with tools like fail2ban.
On FreeBSD, fail2ban can protect specific services using the firewall, ipfw or pf. Since I don't want this server to use multiple firewalls, I only enable ipfw protection methods.
If the kernel configuration file is the same as on the first page, IPFW firewall should be enabled on startup, using a 'default allow' policy. You should take this in consideration when setting up the firewall. Fail2ban banning method with ipfw refers ti a 'table 1', where it adds offending IP addresses. I don't want to change this behaviour, so I'll use the IPFW table numbered 1 for this purpose. If the kernel is compiled with the default configuration file, there should be added additional rules to /etc/rc.firewall.local, to allow more traffic, or a 'ipfw add 65000 pass ip from any to any' rule, since the ipfw module installed by default uses a 'default deny' policy.
### Enable the firewall, add a DENY rule for TCP packets coming from table\(1\), table used by fail2ban to hold offending hosts. It is possible to use pf instead of ipfw
Make the firewall script startable by the /etc/rc.d/ipfw script
The rules can be applied immediately
### Fail2ban installation and setup
### Adjust fail2ban timing parameters and ignoreip list
### Create the jails for fail2ban. Adjust timing parameters to taste. If anything goes wrong, the banned hosts list can be purged using 'ipfw table\(1\) flush' or 'ipfw table 1 delete 188.8.131.52'.
### Enable automatic startup for fail2ban
### Start fail2ban
### Test if it's working properly. Login to another host and force some failures which should trigger fail2ban, check /var/log/fail2ban.log
Prev: Configure Postfix with MySQL support, SASL, Dovecot LDA, virtual users
How to > FreeBSD 9 Mail server setup: Postfix, Dovecot 2, Virtual Users, MySQL, SASL, Postfixadmin and others >