github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

use same naming for iptables chains for v4 and v6

pull/1374/head
Alexander Koeppe 2016-04-08 23:20:43 +02:00
parent fd36287354
commit 6e7b4a8221
5 changed files with 50 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
config/action.d/iptables-allports.conf
View File

@ -23,9 +23,9 @@ actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype> <iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -p <protocol> -j f2b-<name> <iptables> -I <chain> -p <protocol> -j f2b-<name>
actionstart6 = <ip6tables> -N f2b-<name>6 actionstart6 = <ip6tables> -N f2b-<name>
<ip6tables> -A f2b-<name>6 -j <returntype> <ip6tables> -A f2b-<name> -j <returntype>
<ip6tables> -I <chain> -p <protocol> -j f2b-<name>6 <ip6tables> -I <chain> -p <protocol> -j f2b-<name>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
@ -35,16 +35,16 @@ actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
<iptables> -F f2b-<name> <iptables> -F f2b-<name>
<iptables> -X f2b-<name> <iptables> -X f2b-<name>
actionstop6 = <ip6tables> -D <chain> -p <protocol> -j f2b-<name>6 actionstop6 = <ip6tables> -D <chain> -p <protocol> -j f2b-<name>
<ip6tables> -F f2b-<name>6 <ip6tables> -F f2b-<name>
<ip6tables> -X f2b-<name>6 <ip6tables> -X f2b-<name>
# Option: actioncheck # Option: actioncheck
# Notes.: command executed once before each actionban command # Notes.: command executed once before each actionban command
# Values: CMD # Values: CMD
# #
actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]' actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>6[ \t]' actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
# Option: actionban # Option: actionban
# Notes.: command executed when banning an IP. Take care that the # Notes.: command executed when banning an IP. Take care that the
@ -53,7 +53,7 @@ actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>6[ \t]'
# Values: CMD # Values: CMD
# #
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype> actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
actionban6 = <ip6tables> -I f2b-<name>6 1 -s <ip> -j <blocktype6> actionban6 = <ip6tables> -I f2b-<name> 1 -s <ip> -j <blocktype6>
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -62,7 +62,7 @@ actionban6 = <ip6tables> -I f2b-<name>6 1 -s <ip> -j <blocktype6>
# Values: CMD # Values: CMD
# #
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype> actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
actionunban6 = <ip6tables> -D f2b-<name>6 -s <ip> -j <blocktype6> actionunban6 = <ip6tables> -D f2b-<name> -s <ip> -j <blocktype6>
[Init] [Init]

28
config/action.d/iptables-multiport-log.conf
View File

@ -28,12 +28,12 @@ actionstart = <iptables> -N f2b-<name>
<iptables> -I f2b-<name>-log -j LOG --log-prefix "$(expr f2b-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2 <iptables> -I f2b-<name>-log -j LOG --log-prefix "$(expr f2b-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
<iptables> -A f2b-<name>-log -j <blocktype> <iptables> -A f2b-<name>-log -j <blocktype>
actionstart6 = <ip6tables> -N f2b-<name>6 actionstart6 = <ip6tables> -N f2b-<name>
<ip6tables> -A f2b-<name>6 -j <returntype> <ip6tables> -A f2b-<name> -j <returntype>
<ip6tables> -I <chain> 1 -p <protocol> -m multiport --dports <port> -j f2b-<name>6 <ip6tables> -I <chain> 1 -p <protocol> -m multiport --dports <port> -j f2b-<name>
<ip6tables> -N f2b-<name>6-log <ip6tables> -N f2b-<name>-log
<ip6tables> -I f2b-<name>6-log -j LOG --log-prefix "$(expr f2b-<name>6 : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2 <ip6tables> -I f2b-<name>-log -j LOG --log-prefix "$(expr f2b-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
<ip6tables> -A f2b-<name>6-log -j <blocktype6> <ip6tables> -A f2b-<name>-log -j <blocktype6>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
@ -45,18 +45,18 @@ actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j
<iptables> -X f2b-<name> <iptables> -X f2b-<name>
<iptables> -X f2b-<name>-log <iptables> -X f2b-<name>-log
actionstop6 = <ip6tables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>6 actionstop6 = <ip6tables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
<ip6tables> -F f2b-<name>6 <ip6tables> -F f2b-<name>
<ip6tables> -F f2b-<name>6-log <ip6tables> -F f2b-<name>-log
<ip6tables> -X f2b-<name>6 <ip6tables> -X f2b-<name>
<ip6tables> -X f2b-<name>6-log <ip6tables> -X f2b-<name>-log
# Option: actioncheck # Option: actioncheck
# Notes.: command executed once before each actionban command # Notes.: command executed once before each actionban command
# Values: CMD # Values: CMD
# #
actioncheck = <iptables> -n -L f2b-<name>-log >/dev/null actioncheck = <iptables> -n -L f2b-<name>-log >/dev/null
actioncheck6 = <ip6tables> -n -L f2b-<name>6-log >/dev/null actioncheck6 = <ip6tables> -n -L f2b-<name>-log >/dev/null
# Option: actionban # Option: actionban
# Notes.: command executed when banning an IP. Take care that the # Notes.: command executed when banning an IP. Take care that the
@ -65,7 +65,7 @@ actioncheck6 = <ip6tables> -n -L f2b-<name>6-log >/dev/null
# Values: CMD # Values: CMD
# #
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j f2b-<name>-log actionban = <iptables> -I f2b-<name> 1 -s <ip> -j f2b-<name>-log
actionban6 = <ip6tables> -I f2b-<name>6 1 -s <ip> -j f2b-<name>6-log actionban6 = <ip6tables> -I f2b-<name> 1 -s <ip> -j f2b-<name>-log
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -74,7 +74,7 @@ actionban6 = <ip6tables> -I f2b-<name>6 1 -s <ip> -j f2b-<name>6-log
# Values: CMD # Values: CMD
# #
actionunban = <iptables> -D f2b-<name> -s <ip> -j f2b-<name>-log actionunban = <iptables> -D f2b-<name> -s <ip> -j f2b-<name>-log
actionunban6 = <ip6tables> -D f2b-<name>6 -s <ip> -j f2b-<name>6-log actionunban6 = <ip6tables> -D f2b-<name> -s <ip> -j f2b-<name>-log
[Init] [Init]

18
config/action.d/iptables-multiport.conf
View File

@ -20,9 +20,9 @@ actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype> <iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name> <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
actionstart6 = <ip6tables> -N f2b-<name>6 actionstart6 = <ip6tables> -N f2b-<name>
<ip6tables> -A f2b-<name>6 -j <returntype> <ip6tables> -A f2b-<name> -j <returntype>
<ip6tables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>6 <ip6tables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
@ -32,16 +32,16 @@ actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j
<iptables> -F f2b-<name> <iptables> -F f2b-<name>
<iptables> -X f2b-<name> <iptables> -X f2b-<name>
actionstop6 = <ip6tables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>6 actionstop6 = <ip6tables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
<ip6tables> -F f2b-<name>6 <ip6tables> -F f2b-<name>
<ip6tables> -X f2b-<name>6 <ip6tables> -X f2b-<name>
# Option: actioncheck # Option: actioncheck
# Notes.: command executed once before each actionban command # Notes.: command executed once before each actionban command
# Values: CMD # Values: CMD
# #
actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]' actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>6[ \t]' actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
# Option: actionban # Option: actionban
# Notes.: command executed when banning an IP. Take care that the # Notes.: command executed when banning an IP. Take care that the
@ -50,7 +50,7 @@ actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>6[ \t]'
# Values: CMD # Values: CMD
# #
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype> actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
actionban6 = <ip6tables> -I f2b-<name>6 1 -s <ip> -j <blocktype6> actionban6 = <ip6tables> -I f2b-<name> 1 -s <ip> -j <blocktype6>
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -59,7 +59,7 @@ actionban6 = <ip6tables> -I f2b-<name>6 1 -s <ip> -j <blocktype6>
# Values: CMD # Values: CMD
# #
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype> actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
actionunban6 = <ip6tables> -D f2b-<name>6 -s <ip> -j <blocktype6> actionunban6 = <ip6tables> -D f2b-<name> -s <ip> -j <blocktype6>
[Init] [Init]

18
config/action.d/iptables-new.conf
View File

@ -22,9 +22,9 @@ actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype> <iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name> <iptables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
actionstart6 = <ip6tables> -N f2b-<name>6 actionstart6 = <ip6tables> -N f2b-<name>
<ip6tables> -A f2b-<name>6 -j <returntype> <ip6tables> -A f2b-<name> -j <returntype>
<ip6tables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>6 <ip6tables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
@ -34,16 +34,16 @@ actionstop = <iptables> -D <chain> -m state --state NEW -p <protocol> --dport <p
<iptables> -F f2b-<name> <iptables> -F f2b-<name>
<iptables> -X f2b-<name> <iptables> -X f2b-<name>
actionstop6 = <ip6tables> -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>6 actionstop6 = <ip6tables> -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
<ip6tables> -F f2b-<name>6 <ip6tables> -F f2b-<name>
<ip6tables> -X f2b-<name>6 <ip6tables> -X f2b-<name>
# Option: actioncheck # Option: actioncheck
# Notes.: command executed once before each actionban command # Notes.: command executed once before each actionban command
# Values: CMD # Values: CMD
# #
actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]' actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>6[ \t]' actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
# Option: actionban # Option: actionban
# Notes.: command executed when banning an IP. Take care that the # Notes.: command executed when banning an IP. Take care that the
@ -52,7 +52,7 @@ actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>6[ \t]'
# Values: CMD # Values: CMD
# #
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype> actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
actionban6 = <ip6tables> -I f2b-<name>6 1 -s <ip> -j <blocktype6> actionban6 = <ip6tables> -I f2b-<name> 1 -s <ip> -j <blocktype6>
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -61,7 +61,7 @@ actionban6 = <ip6tables> -I f2b-<name>6 1 -s <ip> -j <blocktype6>
# Values: CMD # Values: CMD
# #
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype> actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
actionunban6 = <ip6tables> -D f2b-<name>6 -s <ip> -j <blocktype6> actionunban6 = <ip6tables> -D f2b-<name> -s <ip> -j <blocktype6>
[Init] [Init]

18
config/action.d/iptables.conf
View File

@ -20,9 +20,9 @@ actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype> <iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -p <protocol> --dport <port> -j f2b-<name> <iptables> -I <chain> -p <protocol> --dport <port> -j f2b-<name>
actionstart6 = <ip6tables> -N f2b-<name>6 actionstart6 = <ip6tables> -N f2b-<name>
<ip6tables> -A f2b-<name>6 -j <returntype> <ip6tables> -A f2b-<name> -j <returntype>
<ip6tables> -I <chain> -p <protocol> --dport <port> -j f2b-<name>6 <ip6tables> -I <chain> -p <protocol> --dport <port> -j f2b-<name>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
@ -32,16 +32,16 @@ actionstop = <iptables> -D <chain> -p <protocol> --dport <port> -j f2b-<name>
<iptables> -F f2b-<name> <iptables> -F f2b-<name>
<iptables> -X f2b-<name> <iptables> -X f2b-<name>
actionstop6 = <ip6tables> -D <chain> -p <protocol> --dport <port> -j f2b-<name>6 actionstop6 = <ip6tables> -D <chain> -p <protocol> --dport <port> -j f2b-<name>
<ip6tables> -F f2b-<name>6 <ip6tables> -F f2b-<name>
<ip6tables> -X f2b-<name>6 <ip6tables> -X f2b-<name>
# Option: actioncheck # Option: actioncheck
# Notes.: command executed once before each actionban command # Notes.: command executed once before each actionban command
# Values: CMD # Values: CMD
# #
actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]' actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>6[ \t]' actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
# Option: actionban # Option: actionban
# Notes.: command executed when banning an IP. Take care that the # Notes.: command executed when banning an IP. Take care that the
@ -50,7 +50,7 @@ actioncheck6 = <ip6tables> -n -L <chain> | grep -q 'f2b-<name>6[ \t]'
# Values: CMD # Values: CMD
# #
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype> actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
actionban6 = <ip6tables> -I f2b-<name>6 1 -s <ip> -j <blocktype6> actionban6 = <ip6tables> -I f2b-<name> 1 -s <ip> -j <blocktype6>
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -59,7 +59,7 @@ actionban6 = <ip6tables> -I f2b-<name>6 1 -s <ip> -j <blocktype6>
# Values: CMD # Values: CMD
# #
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype> actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
actionunban6 = <ip6tables> -D f2b-<name>6 -s <ip> -j <blocktype6> actionunban6 = <ip6tables> -D f2b-<name> -s <ip> -j <blocktype6>
[Init] [Init]