diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index c8314b9d..462e3ce4 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -65,22 +65,30 @@ rule-jump = -j <_ipt_rule_target>
 # Several capabilities used internally:
 _ipt_for_proto-iter = for proto in $(echo '' | sed 's/,/ /g'); do
+_ipt_for_chain-iter = for chain in $(echo '' | sed 's/,/ /g'); do
+_ipt_for_chain-done = done;
 _ipt_for_proto-done = done
 _ipt_add_rules = <_ipt_for_proto-iter>
- { %(_ipt_check_rule)s >/dev/null 2>&1; } || { -I %(_ipt_chain_rule)s; }
+ <_ipt_for_chain-iter>
+ { %(_ipt_check_rule)s >/dev/null 2>&1; } || { -I $chain %(_ipt_chain_rule)s; }
+ <_ipt_for_chain-done>
 <_ipt_for_proto-done>
 _ipt_del_rules = <_ipt_for_proto-iter>
- -D %(_ipt_chain_rule)s
+ <_ipt_for_chain-iter>
+ -D $chain %(_ipt_chain_rule)s
+ <_ipt_for_chain-done>
 <_ipt_for_proto-done>
 _ipt_check_rules = <_ipt_for_proto-iter>
+ <_ipt_for_chain-iter>
 %(_ipt_check_rule)s
+ <_ipt_for_chain-done>
 <_ipt_for_proto-done>
 _ipt_chain_rule = /_chain_rule>
-_ipt_check_rule = -C %(_ipt_chain_rule)s
+_ipt_check_rule = -C $chain %(_ipt_chain_rule)s
 _ipt_rule_target = f2b-
 [ipt_oneport]
@@ -98,11 +106,12 @@ _chain_rule = -p $proto
 [Init]
-# Option: chain
-# Notes specifies the iptables chain to which the Fail2Ban rules should be
-# added
+# Option: chains
+# Notes specifies the iptables chains to which the Fail2Ban rules should be
+# added. May be a sigle chain (eg. INPUT) or a comma separated list
+# (eg. INPUT, FORWARD)
 # Values: STRING Default: INPUT
-chain = INPUT
+chains = INPUT
 # Default name of the chain
 #
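Review bot: `_ipt_check_rule` now expands the shell variable `$chain`, so it is only valid when used inside the new `<_ipt_for_chain-iter>` … `<_ipt_for_chain-done>` loop; any use of `%(_ipt_check_rule)s` outside that loop (none is visible in this hunk, but the file continues past it) would run `-C` with an empty chain argument and be reported as a missing rule. I would record that contract next to the definition, e.g. `# _ipt_check_rule only works inside <_ipt_for_chain-iter>, it expands $chain`. Note also that with the `||` form in `_ipt_add_rules` the exit status of the whole loop is that of its last iteration, so a failed `-I` into an earlier chain of a multi-chain list (a mistyped chain name, say) is masked if the final chain succeeds and the ban rules for that chain are silently absent; this was already true of the proto loop, but the chain list makes it more likely, so a comment or an explicit status accumulation is worth considering. Minor style point: `_ipt_for_chain-done = done;` carries a trailing semicolon while `_ipt_for_proto-done = done` does not; the two iterators should be written the same way.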
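Review bot: Renaming the `[Init]` option from `chain` to `chains` silently orphans every existing jail override of `chain = …`; such jails would fall back to the `INPUT` default with no error, and bans meant for another chain (FORWARD, a custom chain) would stop taking effect. Unless the release notes call this out as a deliberate breaking change, I would keep the old name accepted, for instance by defining `chain = INPUT` and `chains = <chain>` so an old override still feeds the new list, if the action-tag interpolation allows that pairing. The new comment also has a typo, `sigle` → `single`, and `eg.` should read `e.g.` in both places.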