github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

debian/jail.conf: got 'chain' parameter to be specified for iptables actions (Closes: #515599) 

+ trailing whitespaces were removed

Thanks to Christoph Anton Mitterer for the original bugreport raising the
concern and Matthijs Kooijman for giving 'chains parameter' idea
pull/3/head
Yaroslav Halchenko 2011-03-23 16:59:39 -04:00
parent 350c5f676b
commit 086176c4df
1 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
debian/jail.conf vendored
View File

@ -38,8 +38,8 @@ destemail = root@localhost
# #
# Default banning action (e.g. iptables, iptables-new, # Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define # iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per # action_* variables. Can be overridden globally or per
# section within jail.local file # section within jail.local file
banaction = iptables-multiport banaction = iptables-multiport
@ -51,24 +51,27 @@ mta = sendmail
# Default protocol # Default protocol
protocol = tcp protocol = tcp
# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT
# #
# Action shortcuts. To be used to define action parameter # Action shortcuts. To be used to define action parameter
# The simplest action to take: ban only # The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"] action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report to the destemail. # ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"] action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s"] %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report and relevant log lines # ban & send an e-mail with whois report and relevant log lines
# to the destemail. # to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"] action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s] %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
# Choose default action. To change, just override value of 'action' with the # Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local # interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section # globally (section [DEFAULT]) or per specific section
action = %(action_)s action = %(action_)s
# #
@ -78,7 +81,7 @@ action = %(action_)s
# Next jails corresponds to the standard configuration in Fail2ban 0.6 which # Next jails corresponds to the standard configuration in Fail2ban 0.6 which
# was shipped in Debian. Enable any defined here jail by including # was shipped in Debian. Enable any defined here jail by including
# #
# [SECTION_NAME] # [SECTION_NAME]
# enabled = true # enabled = true
# #