				
				
				
			ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman: see http://bugs.debian.org/515599
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@771 a942ae1a-1317-0410-a47c-b1dcaea8d605_tent/ipv6_via_aInfo
							parent
							
								
									6558c03f8e
								
							
						
					
					
						commit
						3831fbf98b
					
			@ -15,13 +15,13 @@
 | 
			
		|||
#
 | 
			
		||||
actionstart = iptables -N fail2ban-<name>
 | 
			
		||||
              iptables -A fail2ban-<name> -j RETURN
 | 
			
		||||
              iptables -I INPUT -p <protocol> -j fail2ban-<name>
 | 
			
		||||
              iptables -I <chain> -p <protocol> -j fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
# Option:  actionstop
 | 
			
		||||
# Notes.:  command executed once at the end of Fail2Ban
 | 
			
		||||
# Values:  CMD
 | 
			
		||||
#
 | 
			
		||||
actionstop = iptables -D INPUT -p <protocol> -j fail2ban-<name>
 | 
			
		||||
actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name>
 | 
			
		||||
             iptables -F fail2ban-<name>
 | 
			
		||||
             iptables -X fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -29,7 +29,7 @@ actionstop = iptables -D INPUT -p <protocol> -j fail2ban-<name>
 | 
			
		|||
# Notes.:  command executed once before each actionban command
 | 
			
		||||
# Values:  CMD
 | 
			
		||||
#
 | 
			
		||||
actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
 | 
			
		||||
actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
# Option:  actionban
 | 
			
		||||
# Notes.:  command executed when banning an IP. Take care that the
 | 
			
		||||
| 
						 | 
				
			
			@ -63,3 +63,8 @@ name = default
 | 
			
		|||
#
 | 
			
		||||
protocol = tcp
 | 
			
		||||
 | 
			
		||||
# Option:  chain
 | 
			
		||||
# Notes    specifies the iptables chain to which the fail2ban rules should be
 | 
			
		||||
#          added
 | 
			
		||||
# Values:  STRING  Default: INPUT
 | 
			
		||||
chain = INPUT
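Review bot: The comment on the new `chain` option (hunk @ -63,3 +63,8) does not say that the chain must already exist and must actually be traversed by the traffic: `iptables -I <chain>` in actionstart and `iptables -D <chain>` in actionstop never create it, and a user-defined chain that nothing jumps to would still pass the updated `actioncheck` (the jump is listed there) while the ban rules that presumably land in fail2ban-<name> never see a packet. The three comment lines also drop the `# Notes.:` form every other option in this file uses (see the actionstop and actioncheck headers in the earlier hunks). I would rewrite them as `# Notes.:  iptables chain into which the jump to fail2ban-<name> is inserted; it must already exist (it is not created here) and be reached by the traffic you want to ban, e.g. a builtin such as INPUT or FORWARD or a user chain jumped to from one`, wrapped to the file's usual width, keeping `# Values:  STRING  Default: INPUT`.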
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -5,7 +5,7 @@
 | 
			
		|||
#
 | 
			
		||||
# make "fail2ban-<name>" chain to match drop IP
 | 
			
		||||
# make "fail2ban-<name>-log" chain to log and drop
 | 
			
		||||
# insert a jump to fail2ban-<name> from -I INPUT if proto/port match
 | 
			
		||||
# insert a jump to fail2ban-<name> from -I <chain> if proto/port match
 | 
			
		||||
#
 | 
			
		||||
# $Revision$
 | 
			
		||||
#
 | 
			
		||||
| 
						 | 
				
			
			@ -18,7 +18,7 @@
 | 
			
		|||
#
 | 
			
		||||
actionstart = iptables -N fail2ban-<name>
 | 
			
		||||
              iptables -A fail2ban-<name> -j RETURN
 | 
			
		||||
              iptables -I INPUT 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 | 
			
		||||
              iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 | 
			
		||||
              iptables -N fail2ban-<name>-log
 | 
			
		||||
              iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
 | 
			
		||||
              iptables -A fail2ban-<name>-log -j DROP
 | 
			
		||||
| 
						 | 
				
			
			@ -27,7 +27,7 @@ actionstart = iptables -N fail2ban-<name>
 | 
			
		|||
# Notes.:  command executed once at the end of Fail2Ban
 | 
			
		||||
# Values:  CMD
 | 
			
		||||
#
 | 
			
		||||
actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 | 
			
		||||
actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 | 
			
		||||
             iptables -F fail2ban-<name>
 | 
			
		||||
             iptables -F fail2ban-<name>-log
 | 
			
		||||
             iptables -X fail2ban-<name>
 | 
			
		||||
| 
						 | 
				
			
			@ -76,3 +76,9 @@ port = ssh
 | 
			
		|||
# Values:  [ tcp | udp | icmp | all ] Default: tcp
 | 
			
		||||
#
 | 
			
		||||
protocol = tcp
 | 
			
		||||
 | 
			
		||||
# Option:  chain
 | 
			
		||||
# Notes    specifies the iptables chain to which the fail2ban rules should be
 | 
			
		||||
#          added
 | 
			
		||||
# Values:  STRING  Default: INPUT
 | 
			
		||||
chain = INPUT
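Review bot: Unlike the other four files in this commit, this file shows no hunk touching an `actioncheck` line, so if its actioncheck (outside the shown hunks) still lists INPUT it would disagree with the jump that actionstart now inserts into `<chain>` (hunk @ -18,7 +18,7) and report the jail as unconfigured whenever `chain` is set to anything else; worth confirming against the full file. A smaller point: actionstart creates fail2ban-<name> before running `iptables -I <chain> 1 ...`, so a misspelled or non-existent chain makes that insert fail after the chain was created, a situation the hard-coded INPUT could not produce, and depending on how fail2ban runs multi-line commands the later `-N fail2ban-<name>-log` lines may still execute and mask the failure. The option comment should at least say so, e.g. `# Notes.:  iptables chain to insert the jump into; it must already exist, it is not created by actionstart`.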
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -13,13 +13,13 @@
 | 
			
		|||
#
 | 
			
		||||
actionstart = iptables -N fail2ban-<name>
 | 
			
		||||
              iptables -A fail2ban-<name> -j RETURN
 | 
			
		||||
              iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 | 
			
		||||
              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
# Option:  actionstop
 | 
			
		||||
# Notes.:  command executed once at the end of Fail2Ban
 | 
			
		||||
# Values:  CMD
 | 
			
		||||
#
 | 
			
		||||
actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 | 
			
		||||
actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 | 
			
		||||
             iptables -F fail2ban-<name>
 | 
			
		||||
             iptables -X fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -27,7 +27,7 @@ actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fai
 | 
			
		|||
# Notes.:  command executed once before each actionban command
 | 
			
		||||
# Values:  CMD
 | 
			
		||||
#
 | 
			
		||||
actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
 | 
			
		||||
actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
# Option:  actionban
 | 
			
		||||
# Notes.:  command executed when banning an IP. Take care that the
 | 
			
		||||
| 
						 | 
				
			
			@ -67,3 +67,8 @@ port = ssh
 | 
			
		|||
#
 | 
			
		||||
protocol = tcp
 | 
			
		||||
 | 
			
		||||
# Option:  chain
 | 
			
		||||
# Notes    specifies the iptables chain to which the fail2ban rules should be
 | 
			
		||||
#          added
 | 
			
		||||
# Values:  STRING  Default: INPUT
 | 
			
		||||
chain = INPUT
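Review bot: `<chain>` is spliced unquoted into root-run shell commands in actionstart, actionstop (hunk @ -13,13 +13,13) and actioncheck (hunk @ -27,7 +27,7), exactly like `<name>` and `<port>`, but the new option's comment (hunk @ -67,3 +67,8) gives no hint that the value has to be a bare chain name. A value containing whitespace or shell metacharacters would be split into extra iptables arguments or interpreted by the shell; since it comes from the administrator's jail configuration this is a misconfiguration hazard rather than an injection, but it belongs in the documentation. I would write `# Values:  STRING (a single existing iptables chain name, no spaces)  Default: INPUT` and use the `# Notes.:` form the rest of the file uses instead of `# Notes    specifies`.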
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -15,13 +15,13 @@
 | 
			
		|||
#
 | 
			
		||||
actionstart = iptables -N fail2ban-<name>
 | 
			
		||||
              iptables -A fail2ban-<name> -j RETURN
 | 
			
		||||
              iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
 | 
			
		||||
              iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
# Option:  actionstop
 | 
			
		||||
# Notes.:  command executed once at the end of Fail2Ban
 | 
			
		||||
# Values:  CMD
 | 
			
		||||
#
 | 
			
		||||
actionstop = iptables -D INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
 | 
			
		||||
actionstop = iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
 | 
			
		||||
             iptables -F fail2ban-<name>
 | 
			
		||||
             iptables -X fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -29,7 +29,7 @@ actionstop = iptables -D INPUT -m state --state NEW -p <protocol> --dport <port>
 | 
			
		|||
# Notes.:  command executed once before each actionban command
 | 
			
		||||
# Values:  CMD
 | 
			
		||||
#
 | 
			
		||||
actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
 | 
			
		||||
actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
# Option:  actionban
 | 
			
		||||
# Notes.:  command executed when banning an IP. Take care that the
 | 
			
		||||
| 
						 | 
				
			
			@ -69,3 +69,8 @@ port = ssh
 | 
			
		|||
#
 | 
			
		||||
protocol = tcp
 | 
			
		||||
 | 
			
		||||
# Option:  chain
 | 
			
		||||
# Notes    specifies the iptables chain to which the fail2ban rules should be
 | 
			
		||||
#          added
 | 
			
		||||
# Values:  STRING  Default: INPUT
 | 
			
		||||
chain = INPUT
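Review bot: The new option is documented as an arbitrary `STRING` (hunk @ -69,3 +69,8), yet every iptables invocation in the actionstart, actionstop and actioncheck hunks runs without a `-t` option, so only chains of the filter table can be named; pointing `chain` at a nat or mangle chain such as PREROUTING would make the `iptables -I <chain>` in actionstart fail and the jail would never ban. This restriction was invisible while the chain was hard-coded to INPUT. I would say so in the comment: `# Notes.:  iptables chain (filter table only, no -t is passed) to which the fail2ban jump is added`.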
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -13,13 +13,13 @@
 | 
			
		|||
#
 | 
			
		||||
actionstart = iptables -N fail2ban-<name>
 | 
			
		||||
              iptables -A fail2ban-<name> -j RETURN
 | 
			
		||||
              iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
 | 
			
		||||
              iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
# Option:  actionstop
 | 
			
		||||
# Notes.:  command executed once at the end of Fail2Ban
 | 
			
		||||
# Values:  CMD
 | 
			
		||||
#
 | 
			
		||||
actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
 | 
			
		||||
actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
 | 
			
		||||
             iptables -F fail2ban-<name>
 | 
			
		||||
             iptables -X fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -27,7 +27,7 @@ actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
 | 
			
		|||
# Notes.:  command executed once before each actionban command
 | 
			
		||||
# Values:  CMD
 | 
			
		||||
#
 | 
			
		||||
actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
 | 
			
		||||
actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 | 
			
		||||
 | 
			
		||||
# Option:  actionban
 | 
			
		||||
# Notes.:  command executed when banning an IP. Take care that the
 | 
			
		||||
| 
						 | 
				
			
			@ -67,3 +67,8 @@ port = ssh
 | 
			
		|||
#
 | 
			
		||||
protocol = tcp
 | 
			
		||||
 | 
			
		||||
# Option:  chain
 | 
			
		||||
# Notes    specifies the iptables chain to which the fail2ban rules should be
 | 
			
		||||
#          added
 | 
			
		||||
# Values:  STRING  Default: INPUT
 | 
			
		||||
chain = INPUT
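Review bot: The updated `actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>` (hunk @ -27,7 +27,7) cannot tell a chain that lacks the jump from a chain that does not exist: if `chain` is misspelled, `iptables -n -L` fails, grep reads empty input and returns 1, and fail2ban would presumably re-run actionstart before each ban only to fail again on `iptables -I <chain>`, so no ban is ever installed while the jail looks active and the only evidence is repeated actionstart errors in the log. This path was unreachable while the chain was hard-coded to INPUT, which always exists. Rather than a code change I would document it on the new option, e.g. `# Notes.:  iptables chain (must already exist) to which the fail2ban rules should be added`, which also restores the `# Notes.:` form the file uses elsewhere instead of `# Notes    specifies`.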
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||