Added pass2allow (knocking with fail2ban)

pull/1112/head
Viktor Szépe 2015-07-10 16:22:43 +02:00
parent 95c2a2976f
commit 5d60700c0c
4 changed files with 95 additions and 0 deletions

View File

@ -34,6 +34,9 @@ ver. 0.9.3 (2015/XX/XXX) - wanna-be-released
- New Features:
* New filters:
- froxlor-auth Thanks Joern Muehlencord
* New type of operation:
- pass2allow: use fail2ban for "knocking", opening a closed port
(apache-pass filter, allow-iptables-multiport action)
- Enhancements:
* action.d/cloudflare.conf - improved documentation on how to allow

View File

@ -0,0 +1,59 @@
# Fail2Ban configuration file for allowing hosts
#
# WARNING
# Please be aware that all users behind NAT will access the service on the specified port.
# You should protect this service with another jail that has very long bantime.
[INCLUDES]
before = iptables-common.conf
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = iptables -N f2b-<name>
iptables -A f2b-<name> -j <blocktype>
iptables -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
iptables -F f2b-<name>
iptables -X f2b-<name>
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = iptables -I f2b-<name> 1 -s <ip> -j <allowtype>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = iptables -D f2b-<name> -s <ip> -j <allowtype>
[Init]
# Option: allowtype
# Notes: ACCEPT skips other chains
# Value: [ RETURN | ACCEPT ]
#
allowtype = RETURN
# Author: Viktor Szépe

View File

@ -0,0 +1,20 @@
# Fail2Ban Apache pass filter
# This filter is for access.log, NOT for error.log
#
# The knocking request must have a referer.
[INCLUDES]
before = apache-common.conf
[Definition]
failregex = ^<HOST> - \w+ \[\] "GET <knocking_url> HTTP/1\.[01]" 200 \d+ ".*" "[^-].*"$
ignoreregex =
[Init]
knocking_url = /knocking/
# Author: Viktor Szépe

View File

@ -767,3 +767,16 @@ port = 2222
enabled = false
logpath = /var/lib/portsentry/portsentry.history
maxretry = 1
[pass2allow]
# allow FTP traffic after successful HTTP auth
enabled = false
filter = apache-pass
banaction = allow-iptables-multiport
# access log of the website with HTTP auth
logpath = /var/log/apache2/access.log
port = ftp,ftp-data,ftps,ftps-data
protocol = tcp
bantime = 3600
maxretry = 1
findtime = 1