github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)

pull/2814/head
sebres 2020-06-24 19:20:36 +02:00
parent 5a0edf61c9
commit 309c8dddd7
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/action.d/nftables.conf
View File

@ -34,7 +34,7 @@ type = multiport
rule_match-custom = rule_match-custom =
rule_match-allports = meta l4proto \{ <protocol> \} rule_match-allports = meta l4proto \{ <protocol> \}
rule_match-multiport = $proto dport \{ <port> \} rule_match-multiport = $proto dport \{ $(echo '<port>' | sed s/:/-/g) \}
match = <rule_match-<type>> match = <rule_match-<type>>
# Option: rule_stat # Option: rule_stat

4
fail2ban/tests/servertestcase.py
View File

@ -1296,11 +1296,11 @@ class ServerConfigReaderTests(LogCaptureTestCase):
), ),
'ip4-start': ( 'ip4-start': (
r"`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`", r"`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`",
r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip saddr @addr-set-j-w-nft-mp reject`", r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`",
), ),
'ip6-start': ( 'ip6-start': (
r"`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`", r"`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`",
r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip6 saddr @addr6-set-j-w-nft-mp reject`", r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
), ),
'flush': ( 'flush': (
"`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || ", "`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || ",