Securing the Pi-hole with fail2ban to prevent DNS Amplification attacks

1. Install fail2ban

    sudo apt-get update ; sudo apt-get install fail2ban

2. Create jail file

    vi /etc/fail2ban/jail.d/pihole-dns.conf

    [pihole-dns]
    enabled = true
    port = 53
    action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
             %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
    logpath = /var/log/pihole.log
    findtime = 60
    maxretry = 5
    bantime = 3600

3. Create filter file

    vi /etc/fail2ban/filter.d/pihole-dns.conf

    # Fail2Ban configuration file
    #
    # script from www.marek.tokyo
    #
    [INCLUDES]
    # Read common prefixes. If any customizations available -- read them from
    # common.local
    before = common.conf

    [Definition]
    _daemon = dnsmasq
    # log example from /var/log/pihole.
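How the jail's findtime, maxretry and bantime values interact, shown as an added Python example that is not part of the original post: it replays constructed Pi-hole log lines through the same thresholds. The regular expression (dnsmasq `query[ANY]` lines) is an assumption, since the post's own failregex is not shown here, and the client addresses are documentation-range samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME, MAXRETRY, BANTIME = 60, 5, 3600  # values from the jail file above

# Assumed pattern, NOT the post's failregex: dnsmasq ANY queries in pihole.log.
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
                     r"query\[ANY\] \S+ from (?P<host>\S+)$")

def parse(line, year=2024):
    """Return (timestamp, client) for a matching log line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["host"]

def simulate(lines):
    """Return {client: time of first ban} using a per-client sliding window."""
    recent, banned_until, bans = defaultdict(deque), {}, {}
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue                      # line does not match the filter
        ts, host = hit
        if ts < banned_until.get(host, datetime.min):
            continue                      # client is still inside its bantime
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()              # forget matches older than findtime
        if len(window) >= MAXRETRY:       # maxretry matches within findtime
            bans.setdefault(host, ts)
            banned_until[host] = ts + timedelta(seconds=BANTIME)
            window.clear()
    return bans

def make_line(clock, qtype, host):
    """Build one constructed pihole.log line (sample data, not a real capture)."""
    return f"Jan  5 {clock} dnsmasq[812]: query[{qtype}] example.org from {host}"

SAMPLE = sorted(
    [make_line(f"12:00:{s:02d}", "ANY", "203.0.113.7") for s in (1, 5, 9, 13, 17)]
    + [make_line(f"12:{m:02d}:00", "ANY", "198.51.100.9") for m in (0, 2, 4, 6, 8)]
    + [make_line(f"12:00:{s:02d}", "A", "192.0.2.10") for s in range(10, 20)])

if __name__ == "__main__":
    for host, when in simulate(SAMPLE).items():
        print(f"ban {host} at {when:%H:%M:%S} for {BANTIME}s")
```

Only the client that sends five matching queries inside 60 seconds is banned; the client sending the same five queries two minutes apart and the client sending ordinary A queries are not.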