github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

added new options `kill-mode` and `kill`, which makes the drop of all connections optional

pull/3018/head
Sergey G. Brester 2021-05-06 21:47:06 +02:00 committed by GitHub
parent 5debaa4cac
commit 8f6a8df3a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
config/action.d/ufw.conf
View File

@ -23,7 +23,7 @@ actionban = if [ -n "<application>" ] && ufw app info "<application>"
else
ufw <add> <blocktype> from <ip> to <destination> comment "<comment>"
fi
ss -K dst [<ip>]
<kill>
actionunban = if [ -n "<application>" ] && ufw app info "<application>"
then
@ -32,6 +32,21 @@ actionunban = if [ -n "<application>" ] && ufw app info "<application>"
ufw delete <blocktype> from <ip> to <destination>
fi
# Option: kill-mode
# Notes.: can be set to ss (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
# Example: banaction = ufw[kill-mode=ss]
kill-mode =
# intern conditional parameter used to provide killing mode after ban:
_kill_ =
_kill_ss = ss -K dst "[<ip>]"
# Option: kill
# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode
# Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[<ip>]"']
banaction = ufw[kill='cutter "<ip>"']
kill = <_kill_<kill-mode>>
[Init]
# Option: add
# Notes.: can be set to "insert 1" to insert a rule at certain position (here 1):