From 086176c4df3156358ececd14a94ab9f236a4d85d Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Wed, 23 Mar 2011 16:59:39 -0400 Subject: [PATCH] debian/jail.conf: got 'chain' parameter to be specified for iptables actions (Closes: #515599) + trailing whitespaces were removed Thanks to Christoph Anton Mitterer for the original bugreport raising the concern and Matthijs Kooijman for giving 'chains parameter' idea --- debian/jail.conf | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/debian/jail.conf b/debian/jail.conf index 258bbd7d..b07ccc6e 100644 --- a/debian/jail.conf +++ b/debian/jail.conf @@ -38,8 +38,8 @@ destemail = root@localhost # # Default banning action (e.g. iptables, iptables-new, -# iptables-multiport, shorewall, etc) It is used to define -# action_* variables. Can be overridden globally or per +# iptables-multiport, shorewall, etc) It is used to define +# action_* variables. Can be overridden globally or per # section within jail.local file banaction = iptables-multiport 
@@ -51,24 +51,27 @@ mta = sendmail # Default protocol protocol = tcp +# Specify chain where jumps would need to be added in iptables-* actions +chain = INPUT + # # Action shortcuts. To be used to define action parameter # The simplest action to take: ban only -action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"] +action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] # ban & send an e-mail with whois report to the destemail. -action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"] - %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s"] +action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] + %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] # ban & send an e-mail with whois report and relevant log lines # to the destemail. -action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"] - %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s] - +action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] + %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] + # Choose default action. To change, just override value of 'action' with the # interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local -# globally (section [DEFAULT]) or per specific section +# globally (section [DEFAULT]) or per specific section action = %(action_)s # @@ -78,7 +81,7 @@ action = %(action_)s # Next jails corresponds to the standard configuration in Fail2ban 0.6 which # was shipped in Debian. Enable any defined here jail by including # -# [SECTION_NAME] +# [SECTION_NAME] # enabled = true #
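Review bot: `chain="%(chain)s"` is also appended to the `%(mta)s-whois[...]` entry in `action_mw` and the `%(mta)s-whois-lines[...]` entry in `action_mwl`, which are mail notifications and presumably have no use for a firewall chain; I would drop it from those two entries so the parameter reaches only `%(banaction)s`. The diffstat shows only debian/jail.conf changing, so this patch does not show whether the iptables-* action files actually read `<chain>`. If any of them still hard-codes INPUT, a `chain = FORWARD` override in jail.local would be silently ignored and bans would not cover forwarded traffic, so that is worth confirming before relying on the new option. The comment above the default could also state the contract, e.g. `# Chain into which iptables-* actions insert their jump (must already exist); other banactions such as shorewall may not use it`.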