/etc/fail2ban/jail.local
# Values inherited by every jail in this file unless the jail sets the same key.
# NOTE(review): no backend is set here, so it comes from jail.conf or jail.d;
# the logpath values in the jails below are only read by a file-based backend
# (not systemd) - confirm the effective backend.
[DEFAULT]
# Source addresses that are never banned. A jail that defines its own ignoreip
# replaces this value rather than adding to it.
# Presumably the LXC bridge subnet (see the /var/lib/lxc logpath in
# [drupal-auth]) - confirm.
ignoreip = 10.0.3.0/24
# Duration of a ban.
bantime = 1d
# Window in which failures are counted towards maxretry.
findtime = 2d
# Number of failures within findtime that triggers a ban.
maxretry = 2
# Applies the pam-generic filter to /var/log/auth.log.
# No port, maxretry, findtime or bantime is set here, so those are inherited.
[pam-generic]
# Placeholder: replace with a real CIDR before deploying.
# This overrides the [DEFAULT] ignoreip, so 10.0.3.0/24 is NOT exempt in this
# jail unless it is listed here as well.
# NOTE(review): a /16 exempts up to 65536 addresses from banning; keep the
# range as narrow as the client network allows.
ignoreip = YOUR-LOCAL-CLIENT-IP-RANGE.0.0/16
enabled = true
filter = pam-generic
logpath = /var/log/auth.log
# SSH jail. No logpath is set here, so the log source is inherited from
# jail.conf / jail.d.
[sshd]
# Placeholder: replace with a real CIDR before deploying.
# This overrides the [DEFAULT] ignoreip, so 10.0.3.0/24 is NOT exempt in this
# jail unless it is listed here as well.
# NOTE(review): every address in this /16 can retry SSH logins without being
# banned; keep the range as narrow as possible.
ignoreip = YOUR-LOCAL-CLIENT-IP-RANGE.0.0/16
enabled = true
# NOTE(review): if sshd listens on a non-standard port, list that port here;
# a port-based ban action only covers the ports named - confirm.
port = ssh
# aggressive selects the filter's broadest set of match rules.
filter = sshd[mode=aggressive]
# Overrides the [DEFAULT] maxretry of 2 for this jail.
maxretry = 4
# Drupal login failures, read by the host from a container's syslog file.
# maxretry, findtime, bantime and ignoreip are inherited from [DEFAULT].
[drupal-auth]
enabled = true
port = http,https
filter = drupal-auth
# Placeholder: replace CONTAINERNAME with the real LXC container name.
# NOTE(review): the ban only works if these log lines carry the real client
# address. If requests reach the container through a proxy inside
# 10.0.3.0/24, the logged address may be the proxy, which [DEFAULT] ignoreip
# exempts - confirm what Drupal logs.
logpath = /var/lib/lxc/CONTAINERNAME/rootfs/var/log/syslog
# Applies the nginx-401 filter to the nginx access logs.
# NOTE(review): nginx-401 does not appear to be a stock fail2ban filter;
# confirm filter.d/nginx-401.conf (or .local) exists, otherwise this jail
# cannot load.
[nginx-401]
enabled = true
port = http,https
filter = nginx-401
# The glob also matches rotated files. Compressed (.gz) rotations are not
# readable as text - confirm how logrotate names and compresses them.
logpath = /var/log/nginx/access.log*
# 100 matches within the inherited findtime (2d) trigger the inherited
# bantime (1d).
maxretry = 100
# Applies the nginx-404 filter to the nginx access logs.
# NOTE(review): nginx-404 does not appear to be a stock fail2ban filter;
# confirm filter.d/nginx-404.conf (or .local) exists, otherwise this jail
# cannot load.
[nginx-404]
enabled = true
port = http,https
filter = nginx-404
logpath = /var/log/nginx/access.log*
# 300 matches within the inherited findtime (2d) trigger the inherited
# bantime (1d). NOTE(review): crawlers and broken links also produce 404s;
# check the threshold against normal traffic.
maxretry = 300
# Applies the nginx-http-auth filter to the nginx error logs.
# maxretry (2), findtime (2d) and bantime (1d) are inherited from [DEFAULT].
[nginx-http-auth]
enabled = true
port = http,https
filter = nginx-http-auth
# Error log, not access log; the glob also matches rotated files.
logpath = /var/log/nginx/error.log*
# Applies the nginx-noscript filter to the nginx access logs.
# NOTE(review): nginx-noscript does not appear to be a stock fail2ban filter;
# confirm filter.d/nginx-noscript.conf (or .local) exists, otherwise this
# jail cannot load.
[nginx-noscript]
enabled = true
port = http,https
filter = nginx-noscript
logpath = /var/log/nginx/access.log*
# 500 matches within the inherited findtime (2d) trigger the inherited
# bantime (1d). NOTE(review): this is a high threshold; confirm it is
# intentional for what the filter matches.
maxretry = 500
# Applies the nginx-nohome filter to the nginx access logs.
# maxretry (2), findtime (2d) and bantime (1d) are inherited from [DEFAULT].
# NOTE(review): nginx-nohome does not appear to be a stock fail2ban filter;
# confirm filter.d/nginx-nohome.conf (or .local) exists, otherwise this jail
# cannot load.
[nginx-nohome]
enabled = true
port = http,https
filter = nginx-nohome
logpath = /var/log/nginx/access.log*
# Applies the nginx-noproxy filter to the nginx access logs.
# maxretry (2), findtime (2d) and bantime (1d) are inherited from [DEFAULT].
# NOTE(review): nginx-noproxy does not appear to be a stock fail2ban filter;
# confirm filter.d/nginx-noproxy.conf (or .local) exists, otherwise this jail
# cannot load.
[nginx-noproxy]
enabled = true
port = http,https
filter = nginx-noproxy
logpath = /var/log/nginx/access.log*
# Applies the nginx-botsearch filter to the nginx error logs.
[nginx-botsearch]
enabled = true
port = http,https
filter = nginx-botsearch
# Error log, not access log; the glob also matches rotated files.
logpath = /var/log/nginx/error.log*
# 50 matches within the inherited findtime (2d) trigger the inherited
# bantime (1d).
maxretry = 50
# Postfix jail covering the SMTP, SMTPS (465) and submission ports.
# ignoreip is inherited from [DEFAULT] (10.0.3.0/24 only).
[postfix]
enabled = true
port = smtp,465,submission
# aggressive selects the filter's broadest set of match rules.
filter = postfix[mode=aggressive]
logpath = /var/log/mail.log*
# Overrides the [DEFAULT] maxretry of 2 for this jail.
maxretry = 4
# Applies the postfix-sasl filter to mail.warn on the SMTP ports.
# NOTE(review): newer fail2ban releases handle SASL failures through
# postfix[mode=auth]; confirm filter.d/postfix-sasl.conf exists in the
# installed version, otherwise this jail cannot load.
[postfix-sasl]
enabled = true
port = smtp,465,submission
filter = postfix-sasl
logpath = /var/log/mail.warn*
# A single match bans for 3 days. No ignoreip is set here, so only the
# [DEFAULT] range 10.0.3.0/24 is exempt.
# NOTE(review): one mistyped password from a legitimate mail client outside
# that range locks it out for the full bantime - confirm this is intended.
maxretry = 1
bantime = 3d
# Applies the postfix-flood-attack filter to mail.log on the SMTP ports.
# NOTE(review): postfix-flood-attack does not appear to be a stock fail2ban
# filter; confirm filter.d/postfix-flood-attack.conf (or .local) exists,
# otherwise this jail cannot load.
[postfix-flood-attack]
enabled = true
port = smtp,465,submission
filter = postfix-flood-attack
logpath = /var/log/mail.log*
# A single match bans for 4 days; only the [DEFAULT] ignoreip range is exempt.
# NOTE(review): with maxretry = 1 any false positive in the filter becomes a
# multi-day block - review the filter's failregex before relying on this.
maxretry = 1
bantime = 4d
# Dovecot jail reading mail.info.
# maxretry (2), findtime (2d) and bantime (1d) are inherited from [DEFAULT].
[dovecot]
enabled = true
# NOTE(review): only IMAP/IMAPS are listed. If Dovecot also serves POP3 or
# sieve, or provides SASL for submission, a port-based ban leaves those
# ports reachable for the banned host - confirm.
port = imap,imaps
# aggressive selects the filter's broadest set of match rules.
filter = dovecot[mode=aggressive]
logpath = /var/log/mail.info*
# Repeat-offender jail: applies the recidive filter to fail2ban's own log and
# bans for longer than the other jails.
[recidive]
# Placeholder: replace with a real CIDR before deploying.
# This overrides the [DEFAULT] ignoreip, so 10.0.3.0/24 is NOT exempt in this
# jail unless it is listed here as well.
ignoreip = YOUR-LOCAL-CLIENT-IP-RANGE.0.0/16
enabled = true
filter = recidive
# NOTE(review): findtime below spans 4 weeks, so rotated fail2ban.log files
# must be kept (uncompressed) for at least that long to be counted - confirm
# the logrotate settings.
logpath = /var/log/fail2ban.log*
# 3 matches within 4 weeks ban for 1 week.
# NOTE(review): bans longer than the fail2ban database purge age (dbpurgeage
# in fail2ban.conf/.local) may not be restored after a restart - confirm.
bantime = 1w
findtime = 4w
maxretry = 3