- Added ipfw action script and example. Thanks to Nick Munger

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@421 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago · 51fd8fac27
4 changed files with 81 additions and 1 deletions
--- a/3
+++ b/3
@ -15,7 +15,8 @@ ver. 0.7.4 (2006/??/??) - beta
 - Added "-s" option to specify the socket path and "socket"
  option in "fail2ban.conf"
 - Added "backend" option in "jail.conf"
- Added more filters/actions and jail samples
+- Added more filters/actions and jail samples. Thanks to Nick
+  Munger
 - Improved testing framework

 ver. 0.7.3 (2006/09/28) - beta
--- a/1
+++ b/1
@ -60,6 +60,7 @@ config/filter.d/sshd.conf
 config/filter.d/proftpd.conf
 config/filter.d/sasl.conf
 config/action.d/iptables.conf
+config/action.d/ipfw.conf
 config/action.d/mail-whois.conf
 config/action.d/mail.conf
 config/action.d/hostsdeny.conf
--- a/config/action.d/ipfw.conf
+++ b/config/action.d/ipfw.conf
@ -0,0 +1,66 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger
+# Modified by: Cyril Jaquier
+#
+# $Revision: 254 $
+#
+
+[Definition]
+
+# Option:  fwstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = 
+
+
+# Option:  fwend
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = 
+
+
+# Option:  fwcheck
+# Notes.:  command executed once before each fwban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  fwban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <bantime>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = ipfw add deny tcp from <ip> to <localhost> <port>
+
+
+# Option:  fwunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <bantime>  unix timestamp of the ban time
+#          <unbantime>  unix timestamp of the unban time
+# Values:  CMD
+#
+actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
+
+[Init]
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]
+#
+port = ssh
+
+# Option:  localhost
+# Notes.:  the local IP address of the network interface
+# Values:  IP
+#
+localhost = 127.0.0.1
--- a/config/jail.conf
+++ b/config/jail.conf
@ -121,3 +121,15 @@ filter   = apache-noscript
 action   = shorewall
           mail[name=Postfix, dest=yourmail@mail.com]
 logpath  = /var/log/apache2/error_log
+
+# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
+# option is overridden in this jail.
+
+[ssh-ipfw]
+
+enabled  = false
+filter   = sshd
+action   = ipfw[localhost=192.168.0.1]
+           mail-whois[name=SSH, dest=yourmail@mail.com]
+logpath  = /var/log/auth.log
+ignoreip = 168.192.0.1