BF: use blocktype for iptables-ipset-proto6*

2013-10-09 11:59:16 +11:00 · 2013-10-09 11:59:16 +11:00 · 1a5e17f2a3
parent dcb845f17c
commit 1a5e17f2a3
3 changed files with 8 additions and 14 deletions
--- a/config/action.d/iptables-ipset-proto4.conf
+++ b/config/action.d/iptables-ipset-proto4.conf
@ -11,12 +11,11 @@
 # IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
 #
 # If you are running on an older kernel you make need to patch in external
-# modules.
+# modules. Debian squeeze can do this with:
+#   apt-get install xtables-addons-source 
+#   module-assistant auto-install xtables-addons
 #
-# On Debian machines this can be done with:
-#
-# apt-get install ipset xtables-addons-source 
-# module-assistant auto-install xtables-addons
+# Debian wheezy and above uses protocol 6

 [INCLUDES]

--- a/config/action.d/iptables-ipset-proto6-allports.conf
+++ b/config/action.d/iptables-ipset-proto6-allports.conf
@ -25,13 +25,13 @@ before = iptables-blocktype.conf
 # Values:  CMD
 #
 actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime>
-              iptables -I INPUT -m set --match-set fail2ban-<name> src -j DROP
+              iptables -I INPUT -m set --match-set fail2ban-<name> src -j <blocktype>

 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D INPUT -m set --match-set fail2ban-<name> src -j DROP
+actionstop = iptables -D INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
             ipset flush fail2ban-<name>
             ipset destroy fail2ban-<name>

--- a/config/action.d/iptables-ipset-proto6.conf
+++ b/config/action.d/iptables-ipset-proto6.conf
@ -12,11 +12,6 @@
 #
 # If you are running on an older kernel you make need to patch in external
 # modules.
-#
-# On Debian machines this can be done with:
-#
-# apt-get install ipset xtables-addons-source 
-# module-assistant auto-install xtables-addons

 [INCLUDES]

@ -30,13 +25,13 @@ before = iptables-blocktype.conf
 # Values:  CMD
 #
 actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime>
-              iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j DROP
+              iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>

 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j DROP
+actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
             ipset flush fail2ban-<name>
             ipset destroy fail2ban-<name>