fix(FreeBSD pf): Avoid config file overwriting during fail2ban setup

- During fail2ban setup, use `cp` instead of `mv` on `/etc/pf.conf`
- Append fail2ban configuration to `/etc/pf.conf`
Pratik Tripathy
2025-10-10 22:11:21 +05:30
parent b2359227ee
commit 959a4b739e


@@ -618,7 +618,6 @@ configure_firewall_linux() {
} }
configure_firewall_freebsd() { configure_firewall_freebsd() {
# Path to the new pf configuration file
PF_CONF_FILE="/etc/pf.conf" PF_CONF_FILE="/etc/pf.conf"
# Create backup with timestamps # Create backup with timestamps
@@ -944,14 +943,14 @@ configure_fail2ban_freebsd() {
if [ -f "$PF_CONF_FILE" ]; then if [ -f "$PF_CONF_FILE" ]; then
PF_CONF_BACKUP_FILE="${PF_CONF_FILE}.bak.${TIMESTAMP}" PF_CONF_BACKUP_FILE="${PF_CONF_FILE}.bak.${TIMESTAMP}"
output=$(mv "$PF_CONF_FILE" "$PF_CONF_BACKUP_FILE" 2>&1) output=$(cp "$PF_CONF_FILE" "$PF_CONF_BACKUP_FILE" 2>&1)
file_log "INFO" "Backed up existing configuration to $PF_CONF_BACKUP_FILE" file_log "INFO" "Backed up existing configuration to $PF_CONF_BACKUP_FILE"
file_log "INFO" "$output" file_log "INFO" "$output"
fi fi
# Add fail2ban table to PF configuration # Add fail2ban table to PF configuration
if ! grep -q 'table <f2b>' "$PF_CONF_FILE" 2>/dev/null; then if ! grep -q 'table <f2b>' "$PF_CONF_FILE" 2>/dev/null; then
cat >>"$PF_CONF_FILE" <<'EOF' cat <<'EOF' >>"$PF_CONF_FILE"
# Fail2ban table and anchor # Fail2ban table and anchor
table <f2b> persist table <f2b> persist