diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh index 04c7d13..dcfc316 100644 --- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh @@ -15,4 +15,16 @@ EOF $OUT .= " smeserver-sendmail[name=\"SSH\",dest=$maildest]\n" if ($mail eq 'enabled'); +$OUT .=<<"EOF"; + +[ssh-ddos] +enabled = true +filter = sshd-ddos +logpath = /var/log/sshd/current +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"SSH\",dest=$maildest]\n" + if ($mail eq 'enabled'); + }