Merge pull request #1995 from sebres/firewallcmd-ipset-flush

action.d/firewallcmd-ipset.conf: extended with actionflush to bulk unban resp. flush ipset
2017-12-06 11:43:01 +01:00 · 2017-12-06 11:43:01 +01:00 · 95a87077f7
parent bf6667d4da 6ccaa03e00
commit 95a87077f7
2 changed files with 7 additions and 1 deletions
--- a/config/action.d/firewallcmd-ipset.conf
+++ b/config/action.d/firewallcmd-ipset.conf
@ -21,8 +21,10 @@ before = firewallcmd-common.conf
 actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
              firewall-cmd --direct --add-rule <family> filter <chain> 0 -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>

+actionflush = ipset flush <ipmset>
+
 actionstop = firewall-cmd --direct --remove-rule <family> filter <chain> 0 -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>
-             ipset flush <ipmset>
+             <actionflush>
             ipset destroy <ipmset>

 actionban = ipset add <ipmset> <ip> timeout <bantime> -exist
--- a/fail2ban/tests/servertestcase.py
+++ b/fail2ban/tests/servertestcase.py
@ -1656,6 +1656,10 @@ class ServerConfigReaderTests(LogCaptureTestCase):
 						"`ipset create f2b-j-w-fwcmd-ipset6 hash:ip timeout 600 family inet6`",
 						"`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`",
 					),
+					'flush': (
+						"`ipset flush f2b-j-w-fwcmd-ipset`",
+						"`ipset flush f2b-j-w-fwcmd-ipset6`",
+					),
 					'stop': (
 						"`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset src -j REJECT --reject-with icmp-port-unreachable`",
 						"`ipset flush f2b-j-w-fwcmd-ipset`",