2022-04-27 20:12:03 +00:00
|
|
|
#
|
|
|
|
# Author: Logic-32
|
|
|
|
#
|
|
|
|
# IMPORTANT
|
|
|
|
#
|
|
|
|
# Please set jail.local's permission to 640 because it contains your CF API token.
|
|
|
|
#
|
|
|
|
# This action depends on curl.
|
|
|
|
#
|
|
|
|
# To get your Cloudflare API token: https://developers.cloudflare.com/api/tokens/create/
|
|
|
|
#
|
|
|
|
# Cloudflare Firewall API: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/endpoints/
|
|
|
|
|
|
|
|
[Definition]
|
|
|
|
|
|
|
|
# Option: actionstart
|
|
|
|
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
|
|
|
|
# Values: CMD
|
|
|
|
#
|
|
|
|
actionstart =
|
|
|
|
|
|
|
|
# Option: actionstop
|
|
|
|
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
|
|
|
|
# Values: CMD
|
|
|
|
#
|
|
|
|
actionstop =
|
|
|
|
|
|
|
|
# Option: actioncheck
|
|
|
|
# Notes.: command executed once before each actionban command
|
|
|
|
# Values: CMD
|
|
|
|
#
|
|
|
|
actioncheck =
|
|
|
|
|
|
|
|
# Option: actionban
|
|
|
|
# Notes.: command executed when banning an IP. Take care that the
|
|
|
|
# command is executed with Fail2Ban user rights.
|
|
|
|
# Tags: <ip> IP address
|
|
|
|
# <failures> number of failures
|
|
|
|
# <time> unix timestamp of the ban time
|
|
|
|
# Values: CMD
|
|
|
|
actionban = curl -s -X POST "<_cf_api_url>" \
|
|
|
|
<_cf_api_prms> \
|
|
|
|
--data '{"mode":"<cfmode>","configuration":{"target":"<cftarget>","value":"<ip>"},"notes":"<notes>"}'
|
|
|
|
|
|
|
|
# Option: actionunban
|
|
|
|
# Notes.: command executed when unbanning an IP. Take care that the
|
|
|
|
# command is executed with Fail2Ban user rights.
|
|
|
|
# Tags: <ip> IP address
|
|
|
|
# <failures> number of failures
|
|
|
|
# <time> unix timestamp of the ban time
|
|
|
|
# Values: CMD
|
|
|
|
#
|
|
|
|
actionunban = id=$(curl -s -X GET "<_cf_api_url>?mode=<cfmode>¬es=<notes>&configuration.target=<cftarget>&configuration.value=<ip>" \
|
|
|
|
<_cf_api_prms> \
|
|
|
|
| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \
|
|
|
|
| tr -d ' "' \
|
|
|
|
| head -n 1)
|
|
|
|
if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found using target <cftarget>"; exit 0; fi; \
|
|
|
|
curl -s -X DELETE "<_cf_api_url>/$id" \
|
|
|
|
<_cf_api_prms> \
|
|
|
|
--data '{"cascade": "none"}'
|
|
|
|
|
|
|
|
_cf_api_url = https://api.cloudflare.com/client/v4/zones/<cfzone>/firewall/access_rules/rules
|
|
|
|
_cf_api_prms = -H "Authorization: Bearer <cftoken>" -H "Content-Type: application/json"
|
|
|
|
|
|
|
|
[Init]
|
|
|
|
|
|
|
|
# Declare your Cloudflare Authorization Bearer Token in the [DEFAULT] section of your jail.local file.
|
|
|
|
|
|
|
|
# The Cloudflare <ZONE_ID> of hte domain you want to manage.
|
|
|
|
#
|
|
|
|
# cfzone =
|
|
|
|
|
|
|
|
# Your personal Cloudflare token. Ideally restricted to just have "Zone.Firewall Services" permissions.
|
|
|
|
#
|
|
|
|
# cftoken =
|
|
|
|
|
|
|
|
# Target of the firewall rule. Default is "ip" (v4).
|
|
|
|
#
|
|
|
|
cftarget = ip
|
|
|
|
|
|
|
|
# The firewall mode Cloudflare should use. Default is "block" (deny access).
|
|
|
|
# Consider also "js_challenge" or other "allowed_modes" if you want.
|
|
|
|
#
|
|
|
|
cfmode = block
|
|
|
|
|
|
|
|
# The message to include in the firewall IP banning rule.
|
|
|
|
#
|
2022-05-08 02:52:39 +00:00
|
|
|
notes = Fail2Ban <name>
|
2022-05-08 02:41:33 +00:00
|
|
|
|
|
|
|
[Init?family=inet6]
|
|
|
|
cftarget = ip6
|