mirror of https://github.com/fail2ban/fail2ban
Added pass2allow (knocking with fail2ban)
parent
95c2a2976f
commit
5d60700c0c
|
@ -34,6 +34,9 @@ ver. 0.9.3 (2015/XX/XXX) - wanna-be-released
|
|||
- New Features:
|
||||
* New filters:
|
||||
- froxlor-auth Thanks Joern Muehlencord
|
||||
* New type of operation:
|
||||
- pass2allow: use fail2ban for "knocking", opening a closed port
|
||||
(apache-pass filter, allow-iptables-multiport action)
|
||||
|
||||
- Enhancements:
|
||||
* action.d/cloudflare.conf - improved documentation on how to allow
|
||||
|
|
|
@ -0,0 +1,59 @@
|
|||
# Fail2Ban configuration file for allowing hosts
|
||||
#
|
||||
# WARNING
|
||||
# Please be aware that all users behind NAT will access the service on the specified port.
|
||||
# You should protect this service with another jail that has very long bantime.
|
||||
|
||||
[INCLUDES]
|
||||
|
||||
before = iptables-common.conf
|
||||
|
||||
[Definition]
|
||||
|
||||
# Option: actionstart
|
||||
# Notes.: command executed once at the start of Fail2Ban.
|
||||
# Values: CMD
|
||||
#
|
||||
actionstart = iptables -N f2b-<name>
|
||||
iptables -A f2b-<name> -j <blocktype>
|
||||
iptables -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
|
||||
|
||||
# Option: actionstop
|
||||
# Notes.: command executed once at the end of Fail2Ban
|
||||
# Values: CMD
|
||||
#
|
||||
actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
|
||||
iptables -F f2b-<name>
|
||||
iptables -X f2b-<name>
|
||||
|
||||
# Option: actioncheck
|
||||
# Notes.: command executed once before each actionban command
|
||||
# Values: CMD
|
||||
#
|
||||
actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
|
||||
|
||||
# Option: actionban
|
||||
# Notes.: command executed when banning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
# Tags: See jail.conf(5) man page
|
||||
# Values: CMD
|
||||
#
|
||||
actionban = iptables -I f2b-<name> 1 -s <ip> -j <allowtype>
|
||||
|
||||
# Option: actionunban
|
||||
# Notes.: command executed when unbanning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
# Tags: See jail.conf(5) man page
|
||||
# Values: CMD
|
||||
#
|
||||
actionunban = iptables -D f2b-<name> -s <ip> -j <allowtype>
|
||||
|
||||
[Init]
|
||||
|
||||
# Option: allowtype
|
||||
# Notes: ACCEPT skips other chains
|
||||
# Value: [ RETURN | ACCEPT ]
|
||||
#
|
||||
allowtype = RETURN
|
||||
|
||||
# Author: Viktor Szépe
|
|
@ -0,0 +1,20 @@
|
|||
# Fail2Ban Apache pass filter
|
||||
# This filter is for access.log, NOT for error.log
|
||||
#
|
||||
# The knocking request must have a referer.
|
||||
|
||||
[INCLUDES]
|
||||
|
||||
before = apache-common.conf
|
||||
|
||||
[Definition]
|
||||
|
||||
failregex = ^<HOST> - \w+ \[\] "GET <knocking_url> HTTP/1\.[01]" 200 \d+ ".*" "[^-].*"$
|
||||
|
||||
ignoreregex =
|
||||
|
||||
[Init]
|
||||
|
||||
knocking_url = /knocking/
|
||||
|
||||
# Author: Viktor Szépe
|
|
@ -767,3 +767,16 @@ port = 2222
|
|||
enabled = false
|
||||
logpath = /var/lib/portsentry/portsentry.history
|
||||
maxretry = 1
|
||||
|
||||
[pass2allow]
|
||||
# allow FTP traffic after successful HTTP auth
|
||||
enabled = false
|
||||
filter = apache-pass
|
||||
banaction = allow-iptables-multiport
|
||||
# access log of the website with HTTP auth
|
||||
logpath = /var/log/apache2/access.log
|
||||
port = ftp,ftp-data,ftps,ftps-data
|
||||
protocol = tcp
|
||||
bantime = 3600
|
||||
maxretry = 1
|
||||
findtime = 1
|
||||
|
|
Loading…
Reference in New Issue