blob: a2b9f78a3a6e2f61b6f8f5498bb913ab8438a167 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[sshd-session-preauth]
enabled = true
backend = systemd
filter = sshd-session-preauth
# journal match: use the unit and/or the SYSLOG_IDENTIFIER seen in logs
journalmatch = _SYSTEMD_UNIT=ssh.service + SYSLOG_IDENTIFIER=sshd-session
# Your SSH is on 57385; Fail2ban does not need it for matching, but does for actions:
port = 57385
mode = aggressive
# Thresholds (safe defaults; adjust later)
findtime = 10m
maxretry = 5
bantime = 24h
# nftables action (single-IP bans)
banaction = nftables
|