mirror of https://github.com/fail2ban/fail2ban
Merge c9f008aac7
into dc899e438f
commit
869d30a684
|
@ -12,7 +12,11 @@
|
||||||
# file should be modified with "BLACKLISTNEWONLY=No". Note that as of
|
# file should be modified with "BLACKLISTNEWONLY=No". Note that as of
|
||||||
# Shorewall 4.5.13 BLACKLISTNEWONLY is deprecated; however the equivalent
|
# Shorewall 4.5.13 BLACKLISTNEWONLY is deprecated; however the equivalent
|
||||||
# of BLACKLISTNEWONLY=No can now be achieved by setting BLACKLIST="ALL".
|
# of BLACKLISTNEWONLY=No can now be achieved by setting BLACKLIST="ALL".
|
||||||
#
|
# you can check the list using "shorewall show bl"
|
||||||
|
#
|
||||||
|
# Enabling using ipset for shorewall on a single list is a more easy and more efective
|
||||||
|
# change blocktype = blacklist
|
||||||
|
# enable on shorewall.comf to "DYNAMIC_BLACKLIST=ipset,disconnect,timeout=0"
|
||||||
|
|
||||||
[Definition]
|
[Definition]
|
||||||
|
|
||||||
|
@ -60,9 +64,9 @@ family =
|
||||||
|
|
||||||
# Option: blocktype
|
# Option: blocktype
|
||||||
# Note: This is what the action does with rules.
|
# Note: This is what the action does with rules.
|
||||||
# See man page of shorewall for options that include drop, logdrop, reject, or logreject
|
# See man page of shorewall for options that include drop, logdrop, reject, blacklist, or logreject
|
||||||
# Values: STRING
|
# Values: STRING
|
||||||
blocktype = reject
|
blocktype = blacklist
|
||||||
|
|
||||||
[Init?family=inet6]
|
[Init?family=inet6]
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue