github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

BF: use blocktype for iptables-ipset-proto6*

pull/385/head
Daniel Black 2013-10-09 11:59:16 +11:00
parent dcb845f17c
commit 1a5e17f2a3
3 changed files with 8 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
config/action.d/iptables-ipset-proto4.conf
View File

@ -11,12 +11,11 @@
# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels. # IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
# #
# If you are running on an older kernel you make need to patch in external # If you are running on an older kernel you make need to patch in external
# modules. # modules. Debian squeeze can do this with:
# apt-get install xtables-addons-source
# module-assistant auto-install xtables-addons
# #
# On Debian machines this can be done with: # Debian wheezy and above uses protocol 6
#
# apt-get install ipset xtables-addons-source
# module-assistant auto-install xtables-addons
[INCLUDES] [INCLUDES]

4
config/action.d/iptables-ipset-proto6-allports.conf
View File

@ -25,13 +25,13 @@ before = iptables-blocktype.conf
# Values: CMD # Values: CMD
# #
actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime> actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime>
iptables -I INPUT -m set --match-set fail2ban-<name> src -j DROP iptables -I INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD # Values: CMD
# #
actionstop = iptables -D INPUT -m set --match-set fail2ban-<name> src -j DROP actionstop = iptables -D INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
ipset flush fail2ban-<name> ipset flush fail2ban-<name>
ipset destroy fail2ban-<name> ipset destroy fail2ban-<name>

9
config/action.d/iptables-ipset-proto6.conf
View File

@ -12,11 +12,6 @@
# #
# If you are running on an older kernel you make need to patch in external # If you are running on an older kernel you make need to patch in external
# modules. # modules.
#
# On Debian machines this can be done with:
#
# apt-get install ipset xtables-addons-source
# module-assistant auto-install xtables-addons
[INCLUDES] [INCLUDES]
@ -30,13 +25,13 @@ before = iptables-blocktype.conf
# Values: CMD # Values: CMD
# #
actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime> actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime>
iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j DROP iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD # Values: CMD
# #
actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j DROP actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
ipset flush fail2ban-<name> ipset flush fail2ban-<name>
ipset destroy fail2ban-<name> ipset destroy fail2ban-<name>