Update iptables.conf - allow bans to be efective on multiple chains at the same time

This patch allows the ban to be applied on the INPUT and the FORWARD chain at the same time. May be useful at least on routing devices and on docker hosting machines.
pull/3909/head
Arnaud 2024-12-27 11:34:59 +01:00 committed by sebres
parent c76e90fbb1
commit 139151ec81
1 changed files with 16 additions and 7 deletions


@ -65,22 +65,30 @@ rule-jump = -j <_ipt_rule_target>
# Several capabilities used internally:
_ipt_for_proto-iter = for proto in $(echo '<protocol>' | sed 's/,/ /g'); do
_ipt_for_chain-iter = for chain in $(echo '<chains>' | sed 's/,/ /g'); do
_ipt_for_chain-done = done;
_ipt_for_proto-done = done
_ipt_add_rules = <_ipt_for_proto-iter>
{ %(_ipt_check_rule)s >/dev/null 2>&1; } || { <iptables> -I <chain> %(_ipt_chain_rule)s; }
<_ipt_for_chain-iter>
{ %(_ipt_check_rule)s >/dev/null 2>&1; } || { <iptables> -I $chain %(_ipt_chain_rule)s; }
<_ipt_for_chain-done>
<_ipt_for_proto-done>
_ipt_del_rules = <_ipt_for_proto-iter>
<iptables> -D <chain> %(_ipt_chain_rule)s
<_ipt_for_chain-iter>
<iptables> -D $chain %(_ipt_chain_rule)s
<_ipt_for_chain-done>
<_ipt_for_proto-done>
_ipt_check_rules = <_ipt_for_proto-iter>
<_ipt_for_chain-iter>
%(_ipt_check_rule)s
<_ipt_for_chain-done>
<_ipt_for_proto-done>
_ipt_chain_rule = <pre-rule><ipt_<type>/_chain_rule>
_ipt_check_rule = <iptables> -C <chain> %(_ipt_chain_rule)s
_ipt_check_rule = <iptables> -C $chain %(_ipt_chain_rule)s
_ipt_rule_target = f2b-<name>
[ipt_oneport]
@ -98,11 +106,12 @@ _chain_rule = -p $proto <rule-jump>
[Init]
# Option: chain
# Notes specifies the iptables chain to which the Fail2Ban rules should be
# added
# Option: chains
# Notes specifies the iptables chains to which the Fail2Ban rules should be
# added. May be a sigle chain (eg. INPUT) or a comma separated list
# (eg. INPUT, FORWARD)
# Values: STRING Default: INPUT
chain = INPUT
chains = INPUT
# Default name of the chain
#
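Review bot: Renaming the option from `chain` to `chains` (second hunk, `chains = INPUT`) silently breaks existing jail.local overrides such as a custom `chain = ...`: the old key is no longer read by `_ipt_for_chain-iter`, so those deployments fall back to INPUT and the ban no longer reaches the chain they configured. Keeping the existing name and letting it accept a list is backward compatible: `_ipt_for_chain-iter = for chain in $(echo '<chain>' | sed 's/,/ /g'); do` together with the original `chain = INPUT`, with the option comment updated to say the value may be a single chain or a comma-separated list. In the first hunk `_ipt_check_rules` now loops over chains as well, but a shell `for` loop returns the status of its last iteration, so a rule missing from INPUT while present in FORWARD is reported as present if the caller relies on the exit status; `%(_ipt_check_rule)s || exit 1` inside the loop would fail on the first missing rule (the pre-existing protocol loop has the same weakness). Also `sigle` in the new option note should read `single`.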