I recently implemented Fail2ban on a FreeBSD jail host. It monitors log files within the jails, from the host. Offensive IP addresses which act up in one jail will be blocked at the host, thus blocking the rascal IP from all jails.
This has been running for about two weeks. Today I added another tool, the WP fail2ban plugin.
The plugin comes with a wordpress.local file, but to make it work with FreeBSD, it needs a tweak; it needs to use pf.
This is the file I placed at /usr/local/etc/fail2ban/jail.d/wordpress.local
[wordpress]
enabled = true
filter = wordpress
action = pf
logpath = /usr/jails/dan.langille.org/var/log/auth.log
/usr/jails/jail1.example.org/var/log/auth.log
/usr/jails/jail2.example.org/var/log/auth.log
/usr/jails/jail3.example.org/var/log/auth.log
findtime = 86400
maxretry = 1
bantime = 1209600
Hope this helps.
