Showing posts from February, 2019

Securing the Pi-hole with fail2ban to prevent DNS Amplification attacks

1. Install fail2ban

    sudo apt-get update ; sudo apt-get install fail2ban

2. Create jail file

    vi /etc/fail2ban/jail.d/pihole-dns.conf

    [pihole-dns]
    enabled = true
    port     = 53
    action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
               %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
    logpath = /var/log/pihole.log
    findtime = 60
    maxretry = 5
    bantime = 3600

3. Create filter file

    vi /etc/fail2ban/filter.d/pihole-dns.conf

    # Fail2Ban configuration file
    #
    # script from www.marek.tokyo
    #
    [INCLUDES]
    # Read common prefixes. If any customizations available -- read them from
    # common.local
    before = common.conf
    [Definition]
    _daemon = dnsmasq
    # log example from /var/log/pihole.
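To see which clients the jail's findtime = 60 / maxretry = 5 thresholds would ban before enabling it, the following added example (not code from the original post) replays dnsmasq log lines through the same sliding-window count. The regex matching query[ANY] lines, the function name and the sample log are assumptions made for illustration; they are not the post's filter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

FINDTIME = 60  # seconds, as in the jail file above
MAXRETRY = 5   # matches inside FINDTIME that trigger a ban

# Assumed pattern (not the post's filter): dnsmasq "query[ANY] <name> from <ip>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) dnsmasq\[\d+\]: "
    r"query\[ANY\] \S+ from (?P<ip>\S+)$"
)

def clients_to_ban(lines, year=2019):
    """Return {ip: time of the match that reached MAXRETRY within FINDTIME}."""
    recent = defaultdict(deque)  # per-client timestamps still inside the window
    banned = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Drop matches that have aged out of the findtime window.
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            banned[m["ip"]] = ts
    return banned

# Constructed sample log (documentation addresses, invented PID and names).
HEAD = "Feb 10 12:0"
SAMPLE_LOG = (
    # Burst: five ANY queries in nine seconds.
    [f"{HEAD}0:0{s} dnsmasq[812]: query[ANY] example.org from 203.0.113.7"
     for s in (1, 3, 5, 7, 9)]
    # Slow client: five ANY queries spread over two minutes.
    + [f"{HEAD}{t} dnsmasq[812]: query[ANY] example.org from 198.51.100.20"
       for t in ("0:00", "0:30", "1:00", "1:30", "2:00")]
    # Ordinary A lookups never match the pattern.
    + [f"{HEAD}0:02 dnsmasq[812]: query[A] example.org from 192.168.1.10"] * 6
)

if __name__ == "__main__":
    for ip, when in clients_to_ban(SAMPLE_LOG).items():
        print(f"{ip} would be banned at {when:%H:%M:%S}")
```

Running it against a copy of /var/log/pihole.log (passing the file's lines to clients_to_ban) shows whether legitimate resolvers on the network would trip the threshold.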