|
|
|
# Fail2Ban configuration file
|
|
|
|
#
|
|
|
|
# Author: Donald Yandt
|
|
|
|
# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
|
|
|
|
|
|
|
|
[INCLUDES]
|
|
|
|
|
|
|
|
before = iptables-common.conf
|
|
|
|
|
|
|
|
[Definition]
|
|
|
|
|
|
|
|
actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
|
|
|
|
firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
|
|
|
|
firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
|
|
|
|
|
|
|
|
actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
|
|
|
|
firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
|
|
|
|
firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
|
|
|
|
|
|
|
|
# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
|
|
|
|
|
|
|
|
actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'
|
|
|
|
|
|
|
|
actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
|
|
|
|
|
|
|
|
actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
|
|
|
|
|
|
|
|
[Init]
|
|
|
|
|
|
|
|
# Default name of the chain
|
|
|
|
name = default
|
|
|
|
|
|
|
|
chain = INPUT_direct
|
|
|
|
|
|
|
|
# Could also use port numbers separated by a comma.
|
|
|
|
port = 1:65535
|
|
|
|
|
|
|
|
|
|
|
|
# Option: protocol
|
|
|
|
# Values: [ tcp | udp | icmp | all ]
|
|
|
|
|
|
|
|
protocol = tcp
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# DEV NOTES:
|
|
|
|
#
|
|
|
|
# Author: Donald Yandt
|
|
|
|
# Uses "FirewallD" instead of the "iptables daemon".
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# Output:
|
|
|
|
# actionstart:
|
|
|
|
# $ firewall-cmd --direct --add-chain ipv4 filter f2b-apache-modsecurity
|
|
|
|
# success
|
|
|
|
# $ firewall-cmd --direct --add-rule ipv4 filter f2b-apache-modsecurity 1000 -j RETURN
|
|
|
|
# success
|
|
|
|
# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
|
|
|
|
# success
|
|
|
|
# actioncheck:
|
|
|
|
# $ firewall-cmd --direct --get-chains ipv4 filter f2b-apache-modsecurity | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
|
|
|
|
# f2b-apache-modsecurity
|
|
|
|
|