* Synchronized action.d/iptables-* rules from upstream SVN (closes:

#407561)
* Minor: options renames in the comments to be in sync with upstream
pull/3/head
Yaroslav Halchenko 2007-01-19 15:51:11 +00:00
parent e3102eb28a
commit 878fa0dedd
5 changed files with 40 additions and 33 deletions


@ -66,7 +66,7 @@ actionstop = iptables -D <fwchain> -j <whitelist>
iptables -D <fwchain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
actioncheck = iptables -L <fwchain> | grep -q fail2ban-<name>
actioncheck = iptables -n -L <fwchain> | grep -q fail2ban-<name>
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
[Init]
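Review bot: The `grep -q fail2ban-<name>` in the new `actioncheck` line is an unanchored substring match, so the check can pass on another jail's jump rule when that jail's name merely extends this one (constructed example: jail `ssh` is satisfied by a `fail2ban-ssh-ddos` rule) even though this jail's own rule is missing. Anchoring on the whitespace that follows the target name in the listing closes the gap: `actioncheck = iptables -n -L <fwchain> | grep -q 'fail2ban-<name>[[:space:]]'`. The same pattern is in the `actioncheck` lines of the dpatch sections for iptables-multiport.conf and iptables-new.conf further down, which list `INPUT`. The added `-n` is worth keeping, because it stops the check from depending on reverse DNS lookups.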

8
debian/changelog vendored

@ -1,3 +1,11 @@
fail2ban (0.7.6-3) unstable; urgency=low
* Synchronized action.d/iptables-* rules from upstream SVN (closes:
#407561)
* Minor: options renames in the comments to be in sync with upstream
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 19 Jan 2007 10:43:59 -0500
fail2ban (0.7.6-2) unstable; urgency=low
* iptables-multiport is default action to take since Debian kernel arrives


@ -1,24 +1,24 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_iptables-mports.dpatch by Yaroslav Halchenko <debian@onerussian.com>
## 00_iptables_mports.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.5~/config/action.d/iptables-multiport.conf fail2ban-0.7.5/config/action.d/iptables-multiport.conf
--- fail2ban-0.7.5~/config/action.d/iptables-multiport.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.5/config/action.d/iptables-multiport.conf 2007-01-04 12:28:46.000000000 -0500
diff -urNad fail2ban-0.7.6~/config/action.d/iptables-multiport.conf fail2ban-0.7.6/config/action.d/iptables-multiport.conf
--- fail2ban-0.7.6~/config/action.d/iptables-multiport.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.6/config/action.d/iptables-multiport.conf 2007-01-19 10:40:54.000000000 -0500
@@ -0,0 +1,69 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified by Yaroslav Halchenko for multiport banning
+# $Revision: 455 $
+# $Revision: 520 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
@ -26,7 +26,7 @@ diff -urNad fail2ban-0.7.5~/config/action.d/iptables-multiport.conf fail2ban-0.7
+ iptables -A fail2ban-<name> -j RETURN
+ iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+
+# Option: fwend
+# Option: actionend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
@ -34,13 +34,13 @@ diff -urNad fail2ban-0.7.5~/config/action.d/iptables-multiport.conf fail2ban-0.7
+ iptables -F fail2ban-<name>
+ iptables -X fail2ban-<name>
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+
+# Option: fwban
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
@ -50,7 +50,7 @@ diff -urNad fail2ban-0.7.5~/config/action.d/iptables-multiport.conf fail2ban-0.7
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+
+# Option: fwunban
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
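Review bot: Nothing in the option comments of this action tells the admin that the `multiport` match takes a bounded port list. In the `actionstart` hunk the jump rule is built with `-m multiport --dports <port>`, and iptables accepts at most 15 ports there, with a range counting as two. A jail configured with more would have that rule rejected, so presumably the jump into `fail2ban-<name>` is never installed and bans have no effect. I would add a header comment such as `# Note: <port> may list at most 15 ports (multiport limit); a range a:b counts as two`. The `actionstart` definition begins outside the visible hunk, so the exact placement is a suggestion.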


@ -5,22 +5,22 @@
## DP: No description.
@DPATCH@
diff -urNad fail2ban-0.7.4~/config/action.d/iptables-new.conf fail2ban-0.7.4/config/action.d/iptables-new.conf
--- fail2ban-0.7.4~/config/action.d/iptables-new.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.4/config/action.d/iptables-new.conf 2006-11-10 18:01:27.000000000 -0500
@@ -0,0 +1,72 @@
diff -urNad fail2ban-0.7.6~/config/action.d/iptables-new.conf fail2ban-0.7.6/config/action.d/iptables-new.conf
--- fail2ban-0.7.6~/config/action.d/iptables-new.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.6/config/action.d/iptables-new.conf 2007-01-19 10:40:28.000000000 -0500
@@ -0,0 +1,71 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Copied from iptables.conf and modified by Yaroslav Halchenko
+# to fullfill the needs of bugreporter dbts#350746.
+#
+# $Revision: 394 $
+# $Revision: 520 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
@ -28,7 +28,7 @@ diff -urNad fail2ban-0.7.4~/config/action.d/iptables-new.conf fail2ban-0.7.4/con
+ iptables -A fail2ban-<name> -j RETURN
+ iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+
+# Option: fwend
+# Option: actionend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
@ -36,29 +36,28 @@ diff -urNad fail2ban-0.7.4~/config/action.d/iptables-new.conf fail2ban-0.7.4/con
+ iptables -F fail2ban-<name>
+ iptables -X fail2ban-<name>
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+
+# Option: fwban
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <failtime> unix timestamp of the last failure
+# <bantime> unix timestamp of the ban time
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+
+# Option: fwunban
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <bantime> unix timestamp of the ban time
+# <unbantime> unix timestamp of the unban time
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
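Review bot: The header of iptables-new.conf should say that this action filters new connections only, which the visible comments do not mention. The jump rule in the `actionstart` hunk uses `-m state --state NEW`, so packets of a connection that was already established when the ban landed never reach `fail2ban-<name>`. That looks intentional for this variant, but an operator who expects a ban to cut a live session needs to know it. A comment near the top such as `# Note: only NEW connections are matched; sessions already established at ban time are not dropped` would cover it. `actionstart` starts outside the hunk shown.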


@ -37,13 +37,13 @@ diff -urNad fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf fail2ban-0.7.5
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
+
+# Option: fwcheck
+# Notes.: command executed once before each fwban command
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: fwban
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
@ -62,7 +62,7 @@ diff -urNad fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf fail2ban-0.7.5
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
+
+# Option: fwunban
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address