From 6c1cddb78f63c76cb8017bba9959a8458c08e074 Mon Sep 17 00:00:00 2001
From: TuEye <tueye@freenet.de>
Date: Sat, 20 Jun 2020 17:08:48 +0200
Subject: [PATCH] Create new action opnsense-alias.conf - ban IPs using a new
 entry to an OPNsense firewall alias

---
 config/action.d/opnsense-alias.conf | 73 +++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 config/action.d/opnsense-alias.conf

diff --git a/config/action.d/opnsense-alias.conf b/config/action.d/opnsense-alias.conf
new file mode 100644
index 00000000..901e74d9
--- /dev/null
+++ b/config/action.d/opnsense-alias.conf
@@ -0,0 +1,73 @@
+#
+# Author: TuEye
+#
+# IMPORTANT
+#
+# Please set jail.local's permission to 640 because it contains your OS API key.
+#
+# This action depends on curl.
+#
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = curl -k -s -XPOST -d '{"address":"<ip>"}' -H "Content-Type: application/json" -k -u "<oskey>":"<ossecret>" \
+            https://<osaddress>/api/firewall/alias_util/add/<osalias>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = curl -k -s -XPOST -d '{"address":"<ip>"}' -H "Content-Type: application/json" -k -u "<oskey>":"<ossecret>" \
+              https://<osaddress>/api/firewall/alias_util/delete/<osalias>
+
+[Init]
+# Option: oskey
+# Notes.: The api key which you generated in the OPNsense
+# Usage.: use in jail config:  banaction = opnsense-alias[oskey=""]
+oskey =
+
+# Option: ossecret
+# Notes.: The api key which you generated in the OPNsense
+# Usage.: use in jail config:  banaction = opnsense-alias[ossecret=""]
+ossecret =
+
+# Option: osaddress
+# Notes.: The address to your OPNsense eg.: 192.168.1.1:443
+# Usage.: use in jail config:  banaction = opnsense-alias[osaddress=""]
+osaddress = 
+
+# Option: osalias
+# Notes.: The name of the exisiting alias to which the banned IP should be added
+# Usage.: use in jail config:  banaction = opnsense-alias[osalias=""]
+osalias = 
\ No newline at end of file