Daily Shaarli
April 28, 2026
This document takes a look at MeshCentral Router, a Windows application that performs TCP and UDP port mapping from a local machine to any remote computer through a MeshCentral server. This document should allow the user to relay traffic over the Internet through NAT routers and firewalls.
Intrusion prevention framework that bans malicious IPs.
Overview
Fail2ban is an intrusion prevention system written in Python that protects Linux and Unix web servers from brute-force attacks by monitoring log files and banning IP addresses that show suspicious activity. Originally developed by Cyril Jaquier in 2004, fail2ban works by parsing log files through regular expressions, identifying patterns that indicate malicious behavior like repeated failed login attempts, and automatically creating firewall rules to block offending IP addresses for specified time periods.
FreeBSD offers not just one but three firewalls. Networking is complicated by itself, and firewalls can be complex too, so when they mix together your brain may collapse. Pick one, then learn how networks function, and later how to manipulate the firewall. One of those three firewalls in FreeBSD is IPFW. The minimal configuration for IPFW is the one written in this article. Don’t think of this firewall as a dumb, too-simple solution. Mac OS X, for example, uses it and puts a nice interface in the System Settings so any noob can use it. Although nowadays it’s using another firewall, PFCTL (I guess it’s from OpenBSD), it has had IPFW as the default firewall for many years. And quite frankly it has served many users pretty well.
We will edit the main OS configuration file with nano.
As always under FreeBSD, the /etc/rc.conf file is the one in charge of activating OS-level features as well as some other important software. Type this command to open the file that holds the firewall configuration:
sudo nano /etc/rc.conf
Now edit the rules so they look as follows.
firewall_enable="YES"
firewall_quiet="YES"
firewall_type="workstation"
firewall_myservices="22 80 443 10000"
firewall_allowservices="any"
firewall_logdeny="YES"
Now you must start the service for the firewall to begin working. Type the following command at the terminal prompt.
sudo service ipfw onestart
The numbers appearing in the line firewall_myservices="22 80…" are the ports the firewall leaves open. The rest of the ports on your server or workstation will remain closed.
The open ones are the basics needed to run a web server. Port number 22 is used for remote connections through SSH (secure shell). Port 80 is used by the HTTP protocol, and since we are setting up a web server this is mandatory. Something similar happens with port number 443, but this is the one for HTTPS, which is the HTTP protocol wrapped in TLS encryption so no one can read the content in it.
Fail2ban is a complementary tool to your firewall. It works by scanning log files and banning IPs that show suspicious activity such as failed logins. It is compatible with many UNIX-like systems and is a security tool to have in your arsenal. It can filter not only SSH logins but other services too, for example CMS web sites such as WordPress or Drupal, repositories such as your own GitLab, and even your Postfix (or other) mail server.
If the modern Settings UI is broken (sometimes seen after feature updates), the classic Date and Time dialog still works.
- Press Win + R, type timedate.cpl and press Enter.
When the Settings UI is unavailable, Windows provides command‑line tools to set or inspect time zone entries.
Key commands:
- Check current time zone: tzutil /g
- List available time zones: tzutil /l
- Set a time zone: tzutil /s "Time Zone Name" (the Windows time zone string, e.g., "Pacific Standard Time").