Add flushaction

Change unban to find by ip address not comment
2020-11-25 18:53:43 +00:00 · 2020-11-25 18:53:43 +00:00 · 0e3e9b1d7f
parent 9997807fb3
commit 0e3e9b1d7f
1 changed files with 9 additions and 4 deletions
--- a/config/action.d/mikrotik.conf
+++ b/config/action.d/mikrotik.conf
@ -4,7 +4,7 @@
 #
 # Author: Duncan Bellamy <dunk@denkimushi.com>
 # based on forum.mikrotik.com post by pakjebakmeel
-#
+##
 # in the instructions:
 # (10.0.0.1 is ip of mikrotik router)
 # (10.0.0.2 is ip of fail2ban machine)
@ -46,13 +46,15 @@

 actionstart =

-actionstop =
+actionstop = %(actionflush)s
+
+actionflush = %(mtikcommand)s "/ip firewall address-list remove [find list=\"%(mtiklistname)s\" comment~\"%(startcomment)s*\"]"

 actioncheck =

 actionban = %(mtikcommand)s "/ip firewall address-list add list=\"%(mtiklistname)s\" address=<ip> comment=%(mtikcomment)s"

-actionunban = %(mtikcommand)s "/ip firewall address-list remove [find list=\"%(mtiklistname)s\" comment=%(mtikcomment)s]"
+actionunban = %(mtikcommand)s "/ip firewall address-list remove [find list=\"%(mtiklistname)s\" address=<ip>]"

 mtikcommand = ssh -l %(mtikuser)s -p%(mtikport)s -i %(mtikkeyfile)s %(mtikhost)s

@ -71,9 +73,12 @@ mtikhost =
 # Option: mtiklistname
 # Notes.: name of "address-list" to use on router
 mtiklistname = Auto Fail2Ban
+# Option: startcomment
+# Notes.: used as a prefix to all comments, and used to match for flushing rules
+startcomment = AutoF2B
 # Option: mtikcomment
 # Notes.: comment to use on routerOS (must be unique as used for ip address removal)
-mtikcomment = AutoF2B-<name>-<ip>
+mtikcomment = %(startcomment)s-<name>-<ip>

 [Init]
 name="%(__name__)s"