Merge pull request #365 from mmckinst/master

ENH: add support for the APF firewall

ChangeLog

@@ -106,6 +106,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
   Orion Poplawski
    * fail2ban.d/ and jail.d/ directories are added to etc/fail2ban to facilitate
      their use
+  Mark McKinstry
+   * action.d/apf.conf - add action for Advanced Policy Firewall (apf)
 
 ver. 0.8.10 (2013/06/12) - wanna-be-secure
 -----------

THANKS

@@ -42,6 +42,7 @@ kojiro
 Manuel Arostegui Ramirez
 Marcel Dopita
 Mark Edgington
+Mark McKinstry
 Markus Hoffmann
 Marvin Rouge
 mEDI

config/action.d/apf.conf

@@ -0,0 +1,43 @@
+# Fail2Ban configuration file
+#
+# Author: Mark McKinstry
+#
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = 
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = 
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = apf --deny <ip> "banned by Fail2Ban <name>"
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = apf --remove <ip>

config/jail.conf

@@ -421,3 +421,9 @@ enabled = false
 filter = sshd
 action = osx-ipfw
 logpath = /var/log/secure.log
+
+[ssh-apf]
+enabled = false
+filter  = sshd
+action  = apf[name=SSH]
+logpath = /var/log/secure