ENH: added lockingopt option for iptables actions, made iptables cmd itself a parameter

2015-07-23 21:29:05 -04:00 · 2015-07-23 21:29:05 -04:00 · 31dc4e2263
parent 7a011fca1b
commit 31dc4e2263
1 changed files with 13 additions and 0 deletions
--- a/config/action.d/iptables-common.conf
+++ b/config/action.d/iptables-common.conf
@ -49,3 +49,16 @@ blocktype = REJECT --reject-with icmp-port-unreachable
 #          in all (blocking) actions, except REJECT in allowing actions.
 # Values:  STRING
 returntype = RETURN
+
+# Option:  lockingopt
+# Notes.:  Option was introduced to iptables to prevent multiple instances from
+#          running concurrently and causing irratic behavior.  -w was introduced
+#          in iptables 1.4.20, so might be absent on older systems
+#          See https://github.com/fail2ban/fail2ban/issues/1122
+# Values:  STRING
+lockingopt = -w
+
+# Option:  iptables
+# Notes.:  Actual command to be executed, including common to all calls options
+# Values:  STRING
+iptables = iptables <lockingopt>