Menu
▾
▴
Tree [441cce] master / History
| File | Date | Author | Commit |
|---|---|---|---|
| man | 2021-12-13 |
Phil Sutter
|
[a538de] man: Review man page formatting |
| scripts | 2016-11-25 |
Phil Sutter
|
[549bb9] scripts/iptables.sh: Fix for 'cat' not interpre... |
| src | 2023-02-28 |
Phil Sutter
|
[441cce] Force fd check at every minimal timeout interval |
| tests | 2016-05-07 |
Phil Sutter
|
[82abee] tests/unit/config: Fix for deprecated _BSD_SOURCE |
| .gitignore | 2014-01-23 |
Phil Sutter
|
[828a37] tidy up the closet |
| ChangeLog | 2014-01-14 |
Phil Sutter
|
[003ab7] version 1.1 |
| LICENSE | 2014-01-02 |
Phil Sutter
|
[8e2172] ship a copy of GPLv3 along with the source repo... |
| Makefile | 2022-12-20 |
Phil Sutter
|
[e605c4] Makefile: Do not skip subdir if target exists |
| README | 2016-02-03 |
Phil Sutter
|
[477c49] Refactor sample config and describe usage in RE... |
| TODO | 2016-02-03 |
Phil Sutter
|
[477c49] Refactor sample config and describe usage in RE... |
| mf2b.conf | 2016-02-04 |
Phil Sutter
|
[ec23da] Fix the sample config |
| rules.mk | 2014-01-19 |
Phil Sutter
|
[3566ec] introduce rules.mk, strip mf2b after build |
Read Me
Micro Fail 2 Ban ================ Since the original fail2ban.org requires Python, I considered it to be quite bloaty, especially with use on an embedded device in mind. Micro Fail 2 Ban aims at fixing this. Building the Source ------------------- In most cases, a simple 'make' should do the trick. In case the outcome is not as expected, you may want to have a look at the top-level Makefile for details. Installing the Binaries ----------------------- Just call 'make install'. In case installation to a specific location is desired, the Makefile understands the well-known environment variable DESTDIR. Using the Force --------------- The default 'mf2b.conf' provided with these sources shall serve as a basis for the following instructions. It uses a shell script shipped with this installation for the ban/unban actions, which eases handling of iptables calls. For it to work, you need a dedicated user-defined chain in iptables as well as ip6tables. These will be used by 'iptables.sh' to insert drop rules into (or delete from when the timeout has passed). By default, the script assumes a custom chain named 'mf2b' in the 'filter' table, and the 'INPUT' chain has to link to it for the rules to become effective. Here's a sample setup: # iptables -N mf2b # ip6tables -N mf2b # iptables -I INPUT -j mf2b # ip6tables -I INPUT -j mf2b Once this is done, running 'mf2b' daemon is all that's left to do: # mf2b By default, 'mf2b' will log to syslog so this is definitely worth checking in case it does unexpected things.