From 9779eeb986e323608207f9790556d7b9ce6816f1 Mon Sep 17 00:00:00 2001
From: Alexander Belykh <albel727@ngs.ru>
Date: Wed, 6 Jan 2016 17:33:14 +0600
Subject: [PATCH] Add nftables_type/family/table parameters

---
 config/action.d/nftables-common.conf | 32 ++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/config/action.d/nftables-common.conf b/config/action.d/nftables-common.conf
index 157f3c77..26e35892 100644
--- a/config/action.d/nftables-common.conf
+++ b/config/action.d/nftables-common.conf
@@ -28,21 +28,21 @@ nftables_mode = <protocol> dport \{ <port> \}
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = <nftables> add set filter f2b-<name> \{ type ipv4_addr\; \}
-              <nftables> insert rule filter <chain> %(nftables_mode)s ip saddr @f2b-<name> <blocktype>
+actionstart = <nftables> add set <nftables_family> <nftables_table> f2b-<name> \{ type <nftables_type>\; \}
+              <nftables> insert rule <nftables_family> <nftables_table> <chain> %(nftables_mode)s ip saddr @f2b-<name> <blocktype>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = HANDLE_ID=$(<nftables> --handle --numeric list chain filter <chain> | grep -m1 'ip saddr @f2b-<name> <blocktype> # handle' | grep -oe ' handle [0-9]*'); <nftables> delete rule filter <chain> $HANDLE_ID
-             <nftables> delete set filter f2b-<name>
+actionstop = HANDLE_ID=$(<nftables> --handle --numeric list chain <nftables_family> <nftables_table> <chain> | grep -m1 'ip saddr @f2b-<name> <blocktype> # handle' | grep -oe ' handle [0-9]*'); <nftables> delete rule <nftables_family> <nftables_table> <chain> $HANDLE_ID
+             <nftables> delete set <nftables_family> <nftables_table> f2b-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = <nftables> list chain filter <chain> | grep -q '@f2b-<name>[ \t]'
+actioncheck = <nftables> list chain <nftables_family> <nftables_table> <chain> | grep -q '@f2b-<name>[ \t]'
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -50,7 +50,7 @@ actioncheck = <nftables> list chain filter <chain> | grep -q '@f2b-<name>[ \t]'
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = <nftables> add element filter f2b-<name> \{ <ip> \}
+actionban = <nftables> add element <nftables_family> <nftables_table> f2b-<name> \{ <ip> \}
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -58,10 +58,28 @@ actionban = <nftables> add element filter f2b-<name> \{ <ip> \}
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = <nftables> delete element filter f2b-<name> \{ <ip> \}
+actionunban = <nftables> delete element <nftables_family> <nftables_table> f2b-<name> \{ <ip> \}
 
 [Init]
 
+# Option:  nftables_type
+# Notes.:  address type to work with
+# Values:  [ipv4_addr | ipv6_addr]  Default: ipv4_addr
+#
+nftables_type = ipv4_addr
+
+# Option:  nftables_family
+# Notes.:  address family to work in
+# Values:  [ip | ip6 | inet]  Default: inet
+#
+nftables_family = inet
+
+# Option:  nftables_table
+# Notes.:  table in the address family to work in
+# Values:  STRING  Default: filter
+#
+nftables_table = filter
+
 # Option:  chain
 # Notes    specifies the nftables chain to which the Fail2Ban rules should be
 #          added