amend-merge for pull request #1429 from sebres/0.10-freebsd-fix-pf

actiontype for PF action (all- and multi port)
2016-05-19 14:52:10 +02:00 · 2016-05-19 14:52:10 +02:00 · 4cdca8c258
parent 01d9a41ba1 4d51c591c1
commit 4cdca8c258
1 changed files with 10 additions and 4 deletions
--- a/config/action.d/pf.conf
+++ b/config/action.d/pf.conf
@ -16,7 +16,7 @@
 # we don't enable PF automatically; to enable run pfctl -e 
 # or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD)
 actionstart = echo "table <<tablename>-<name>> persist counters" | pfctl -f- 
-              echo "block proto <protocol> from <<tablename>-<name>> to any<actiontype>" | pfctl -f-
+              echo "block proto <protocol> from <<tablename>-<name>> to <actiontype>" | pfctl -f-


 # Option:  actionstop
@ -76,14 +76,20 @@ protocol = tcp
 # Notes.:  specifies port to monitor
 # Values:  [ NUM | STRING ]  Default:
 #
-port = telnet
+#port = telnet

 # Option: actiontype
 # Notes.: defines additions to the blocking rule
 # Values: leave empty to block all attempts from the host
-actiontype = 
+# Default: Value of the allports
+actiontype = any
+
+# Option: allports
+# Notes.: default addition to block all ports
+# Usage.: use in jail config: "banaction = pf[actiontype=<allports>]"
+allports = any

 # Option: multiport
 # Notes.: addition to block access only to specific ports
 # Usage.: use in jail config: "banaction = pf[actiontype=<multiport>]"
-multiport = <sp>port <port>
+multiport = any port <port>