RF: use <iptables> to take effect of it being a parameter

config/action.d/iptables-allports.conf

@@ -17,23 +17,23 @@ before = iptables-common.conf
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N f2b-<name>
+actionstart = <iptables> -N f2b-<name>
-              iptables -A f2b-<name> -j <returntype>
+              <iptables> -A f2b-<name> -j <returntype>
-              iptables -I <chain> -p <protocol> -j f2b-<name>
+              <iptables> -I <chain> -p <protocol> -j f2b-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -j f2b-<name>
+actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
-             iptables -F f2b-<name>
+             <iptables> -F f2b-<name>
-             iptables -X f2b-<name>
+             <iptables> -X f2b-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -41,7 +41,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
+actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -49,7 +49,7 @@ actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = iptables -D f2b-<name> -s <ip> -j <blocktype>
+actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
 
 [Init]
 

config/action.d/iptables-common.conf

@@ -61,4 +61,4 @@ lockingopt = -w
 # Option:  iptables
 # Notes.:  Actual command to be executed, including common to all calls options
 # Values:  STRING
-iptables = iptables <lockingopt>
+iptables = <iptables> <lockingopt>

config/action.d/iptables-ipset-proto4.conf

@@ -28,13 +28,13 @@ before = iptables-common.conf
 # Values:  CMD
 #
 actionstart = ipset --create f2b-<name> iphash
-              iptables -I <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
+              <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
+actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
              ipset --flush f2b-<name>
              ipset --destroy f2b-<name>
 

config/action.d/iptables-ipset-proto6-allports.conf

@@ -24,13 +24,13 @@ before = iptables-common.conf
 # Values:  CMD
 #
 actionstart = ipset create f2b-<name> hash:ip timeout <bantime>
-              iptables -I <chain> -m set --match-set f2b-<name> src -j <blocktype>
+              <iptables> -I <chain> -m set --match-set f2b-<name> src -j <blocktype>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -m set --match-set f2b-<name> src -j <blocktype>
+actionstop = <iptables> -D <chain> -m set --match-set f2b-<name> src -j <blocktype>
              ipset flush f2b-<name>
              ipset destroy f2b-<name>
 

config/action.d/iptables-ipset-proto6.conf

@@ -24,13 +24,13 @@ before = iptables-common.conf
 # Values:  CMD
 #
 actionstart = ipset create f2b-<name> hash:ip timeout <bantime>
-              iptables -I <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
+              <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
+actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
              ipset flush f2b-<name>
              ipset destroy f2b-<name>
 

config/action.d/iptables-multiport-log.conf

@@ -19,28 +19,28 @@ before = iptables-common.conf
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N f2b-<name>
+actionstart = <iptables> -N f2b-<name>
-              iptables -A f2b-<name> -j <returntype>
+              <iptables> -A f2b-<name> -j <returntype>
-              iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j f2b-<name>
+              <iptables> -I <chain> 1 -p <protocol> -m multiport --dports <port> -j f2b-<name>
-              iptables -N f2b-<name>-log
+              <iptables> -N f2b-<name>-log
-              iptables -I f2b-<name>-log -j LOG --log-prefix "$(expr f2b-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
+              <iptables> -I f2b-<name>-log -j LOG --log-prefix "$(expr f2b-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
-              iptables -A f2b-<name>-log -j <blocktype>
+              <iptables> -A f2b-<name>-log -j <blocktype>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
-             iptables -F f2b-<name>
+             <iptables> -F f2b-<name>
-             iptables -F f2b-<name>-log
+             <iptables> -F f2b-<name>-log
-             iptables -X f2b-<name>
+             <iptables> -X f2b-<name>
-             iptables -X f2b-<name>-log
+             <iptables> -X f2b-<name>-log
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L f2b-<name>-log >/dev/null
+actioncheck = <iptables> -n -L f2b-<name>-log >/dev/null
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -48,7 +48,7 @@ actioncheck = iptables -n -L f2b-<name>-log >/dev/null
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = iptables -I f2b-<name> 1 -s <ip> -j f2b-<name>-log
+actionban = <iptables> -I f2b-<name> 1 -s <ip> -j f2b-<name>-log
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -56,7 +56,7 @@ actionban = iptables -I f2b-<name> 1 -s <ip> -j f2b-<name>-log
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = iptables -D f2b-<name> -s <ip> -j f2b-<name>-log
+actionunban = <iptables> -D f2b-<name> -s <ip> -j f2b-<name>-log
 
 [Init]
 

config/action.d/iptables-multiport.conf

@@ -14,23 +14,23 @@ before = iptables-common.conf
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N f2b-<name>
+actionstart = <iptables> -N f2b-<name>
-              iptables -A f2b-<name> -j <returntype>
+              <iptables> -A f2b-<name> -j <returntype>
-              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+              <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
-             iptables -F f2b-<name>
+             <iptables> -F f2b-<name>
-             iptables -X f2b-<name>
+             <iptables> -X f2b-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -38,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
+actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -46,7 +46,7 @@ actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = iptables -D f2b-<name> -s <ip> -j <blocktype>
+actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
 
 [Init]
 

config/action.d/iptables-new.conf

@@ -16,23 +16,23 @@ before = iptables-common.conf
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N f2b-<name>
+actionstart = <iptables> -N f2b-<name>
-              iptables -A f2b-<name> -j <returntype>
+              <iptables> -A f2b-<name> -j <returntype>
-              iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+              <iptables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+actionstop = <iptables> -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
-             iptables -F f2b-<name>
+             <iptables> -F f2b-<name>
-             iptables -X f2b-<name>
+             <iptables> -X f2b-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -40,7 +40,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
+actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -48,7 +48,7 @@ actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = iptables -D f2b-<name> -s <ip> -j <blocktype>
+actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
 
 [Init]
 

config/action.d/iptables-xt_recent-echo.conf

@@ -32,14 +32,14 @@ before = iptables-common.conf
 #    own rules. The 3600 second timeout is independent and acts as a
 #    safeguard in case the fail2ban process dies unexpectedly. The
 #    shorter of the two timeouts actually matters.
-actionstart = if [ `id -u` -eq 0 ];then iptables -I <chain> -m recent --update --seconds 3600 --name f2b-<name> -j <blocktype>;fi
+actionstart = if [ `id -u` -eq 0 ];then <iptables> -I <chain> -m recent --update --seconds 3600 --name f2b-<name> -j <blocktype>;fi
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = echo / > /proc/net/xt_recent/f2b-<name>
-             if [ `id -u` -eq 0 ];then iptables -D <chain> -m recent --update --seconds 3600 --name f2b-<name> -j <blocktype>;fi
+             if [ `id -u` -eq 0 ];then <iptables> -D <chain> -m recent --update --seconds 3600 --name f2b-<name> -j <blocktype>;fi
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command

config/action.d/iptables.conf

@@ -14,23 +14,23 @@ before = iptables-common.conf
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N f2b-<name>
+actionstart = <iptables> -N f2b-<name>
-              iptables -A f2b-<name> -j <returntype>
+              <iptables> -A f2b-<name> -j <returntype>
-              iptables -I <chain> -p <protocol> --dport <port> -j f2b-<name>
+              <iptables> -I <chain> -p <protocol> --dport <port> -j f2b-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> --dport <port> -j f2b-<name>
+actionstop = <iptables> -D <chain> -p <protocol> --dport <port> -j f2b-<name>
-             iptables -F f2b-<name>
+             <iptables> -F f2b-<name>
-             iptables -X f2b-<name>
+             <iptables> -X f2b-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -38,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
+actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -46,7 +46,7 @@ actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = iptables -D f2b-<name> -s <ip> -j <blocktype>
+actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
 
 [Init]
 

config/action.d/symbiosis-blacklist-allports.conf

@@ -22,21 +22,21 @@ actionstop =
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain>
+actioncheck = <iptables> -n -L <chain>
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP.
 # Values:  CMD
 #
 actionban = echo 'all' >| /etc/symbiosis/firewall/blacklist.d/<ip>.auto
-            iptables -I <chain> 1 -s <ip> -j <blocktype>
+            <iptables> -I <chain> 1 -s <ip> -j <blocktype>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP.
 # Values:  CMD
 #
 actionunban = rm -f /etc/symbiosis/firewall/blacklist.d/<ip>.auto
-              iptables -D <chain> -s <ip> -j <blocktype> || :
+              <iptables> -D <chain> -s <ip> -j <blocktype> || :
 
 [Init]