blackhole.sh

# Create the fail2ban filter file; its contents follow.
sudo nano /etc/fail2ban/filter.d/packetflood.conf

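# Filter for the packetflood jail: matches log lines that carry a source
# address and a packet count, and hands the address to fail2ban as <HOST>.
[Definition]
# The count alternation matches 2000 and above (presumably the intended
# threshold). The earlier form [2-9][0-9]{3,} skipped every count whose
# first digit is 1 (10000-19999, 100000-199999, ...), so floods in those
# ranges were never banned.
# NOTE(review): the leading .* lets SRC= match anywhere in the line. If any
# text in these syslog lines can be influenced remotely, a crafted line could
# put an arbitrary address after SRC= and get it banned. Tie the pattern to
# the real line prefix and check it with fail2ban-regex against a sample of
# the log before enabling the jail.
failregex = .*SRC=<HOST>.*dpt=.* packets: (?:[2-9][0-9]{3}|[1-9][0-9]{4,}) .*
ignoreregex =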

# Add the jail definition below to the local jail configuration.
sudo nano /etc/fail2ban/jail.local

# Jail that applies the blackhole action to any source matched by the
# packetflood filter in /var/log/syslog.
[packetflood-blackhole]
enabled  = true
filter   = packetflood
action   = blackhole
logpath  = /var/log/syslog
# maxretry = 1 bans on the first matching line. Source addresses of flood
# traffic can be forged, so a single match can blackhole an address that
# never sent the packets. List management and upstream addresses in ignoreip
# so they cannot be banned. Keep comments on their own lines, not after a
# value.
maxretry = 1
# Ban length in seconds (15 minutes).
bantime  = 900

# Create the custom ban action referenced by the jail (action = blackhole).
sudo nano /etc/fail2ban/action.d/blackhole.conf

# Ban action: null-routes the offending address with iproute2.
[Definition]
# No setup, teardown or health-check command is defined for this action.
actionstart =
actionstop =
actioncheck =
# Adds a blackhole route, so the kernel discards packets routed to <ip>.
# NOTE(review): this is a routing-table entry, not a packet-filter rule.
# Whether inbound packets from <ip> are also dropped depends on reverse-path
# filtering (rp_filter); confirm on the target host.
actionban = ip route add blackhole <ip>
# Removes the blackhole route when fail2ban lifts the ban.
actionunban = ip route del blackhole <ip>

# Restart fail2ban so it loads the new filter, jail and action files.
sudo systemctl restart fail2ban
# Confirm the jail is running and list any addresses it has banned.
sudo fail2ban-client status packetflood-blackhole
