diff --git a/config/fail2ban.conf.iptables b/config/fail2ban.conf.iptables
index 302a52b4..75c1266d 100644
--- a/config/fail2ban.conf.iptables
+++ b/config/fail2ban.conf.iptables
@@ -127,19 +127,25 @@ maxreinits = -1
 #
 protocol = tcp
 
+# Option: fwchain
+# Notes.: chain from which to jump into fail2ban chains
+# Values: TEXT Default: INPUT
+#
+fwchain = INPUT
+
 # Option: fwstart
 # Notes.: command executed once at the start of Fail2Ban.
 # Values: CMD Default:
 #
 fwstart = iptables -N fail2ban-%(__name__)s
 iptables -A fail2ban-%(__name__)s -j RETURN
- iptables -I INPUT -p %(protocol)s --dport %(port)s -j fail2ban-%(__name__)s
+ iptables -I %(fwchain)s -p %(protocol)s --dport %(port)s -j fail2ban-%(__name__)s
 
 # Option: fwend
 # Notes.: command executed once at the end of Fail2Ban
 # Values: CMD Default:
 #
-fwend = iptables -D INPUT -p %(protocol)s --dport %(port)s -j fail2ban-%(__name__)s
+fwend = iptables -D %(fwchain)s -p %(protocol)s --dport %(port)s -j fail2ban-%(__name__)s
 iptables -F fail2ban-%(__name__)s
 iptables -X fail2ban-%(__name__)s
 
@@ -147,7 +153,7 @@ fwend = iptables -D INPUT -p %(protocol)s --dport %(port)s -j fail2ban-%(__name_
 # Notes.: command executed once before each fwban command
 # Values: CMD Default:
 #
-fwcheck = iptables -L INPUT | grep -q fail2ban-%(__name__)s
+fwcheck = iptables -L %(fwchain)s | grep -q fail2ban-%(__name__)s
 
 # Option: fwban
 # Notes.: command executed when banning an IP. Take care that the
diff --git a/debian/changelog b/debian/changelog
index 95ee014d..1a2066b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 fail2ban (0.6.1-0.1) unstable; urgency=low
 
 * New upstream release
+ * In config file added fwchain to ease switching to another input chain
+ (closes: #357164)
 
 -- Yaroslav Halchenko Sat, 18 Mar 2006 23:11:53 -0500
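Review bot: The new `fwchain` comment block does not say that the chain must already exist and must actually be traversed by the traffic to be banned. `fwstart` only runs `iptables -I %(fwchain)s ...` and never creates the chain, so a typo or a custom chain that is not hooked into the packet path would presumably leave the section without an effective jump rule. I would extend the note to `# Notes.: existing chain from which to jump into fail2ban chains; it must be one that the traffic to be banned passes through`. It is also worth a line that `fwend` removes the jump from whatever `%(fwchain)s` holds at stop time, so changing the value while Fail2Ban is running likely leaves the old jump behind in the previous chain.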
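Review bot: `fwcheck` still matches by substring, so `grep -q fail2ban-%(__name__)s` also succeeds on the jump rule of another section whose name merely begins with this one (constructed example: sections `ssh` and `ssh-ddos`). With the chain now configurable, this check is the only thing that would notice a missing jump in `%(fwchain)s`, and a false positive here means bans are added to a chain that no traffic reaches. I would anchor the match and skip reverse DNS lookups: `fwcheck = iptables -n -L %(fwchain)s | grep -q 'fail2ban-%(__name__)s[ \t]'`. The quoting assumes the command is run through a shell, which is not visible in this hunk, so confirm it against how `fwcheck` is executed.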