From 9b1417a16912562f15b5e1e252f16d6b1360fa41 Mon Sep 17 00:00:00 2001 From: Duncan Bellamy Date: Wed, 8 Mar 2023 09:29:03 +0000 Subject: [PATCH] apply suggestions --- config/action.d/mikrotik.conf | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/config/action.d/mikrotik.conf b/config/action.d/mikrotik.conf index 96262587..30e9bac5 100644 --- a/config/action.d/mikrotik.conf +++ b/config/action.d/mikrotik.conf @@ -33,14 +33,14 @@ # from address list to server # # example extract from jail.local overriding some defaults -# action = mikrotik[mtikkeyfile="%(mkeyfile)s", mtikuser="%(muser)s", mtikhost="%(mhost)s", mtiklistname="%(mlistname)s"] +# action = mikrotik[keyfile="%(mkeyfile)s", user="%(muser)s", host="%(mhost)s", list="%(mlist)s"] # # ignoreip = 127.0.0.1/8 192.168.0.0/24 # mkeyfile = /etc/fail2ban/ssh/mykey_id_rsa # muser = myuser # mhost = 192.168.0.1 -# mlistname = BAD LIST +# mlist = BAD LIST [Definition] 
@@ -48,35 +48,35 @@ actionstart = actionstop = %(actionflush)s -actionflush = %(mtikcommand)s "/ip firewall address-list remove [find list=\"%(mtiklistname)s\" comment~\"%(startcomment)s-*\"]" +actionflush = %(command)s "/ip firewall address-list remove [find list=\"%(list)s\" comment~\"%(startcomment)s-*\"]" actioncheck = -actionban = %(mtikcommand)s "/ip firewall address-list add list=\"%(mtiklistname)s\" address= comment=%(mtikcomment)s" +actionban = %(command)s "/ip firewall address-list add list=\"%(list)s\" address= comment=%(comment)s" -actionunban = %(mtikcommand)s "/ip firewall address-list remove [find list=\"%(mtiklistname)s\" comment=%(mtikcomment)s]" +actionunban = %(command)s "/ip firewall address-list remove [find list=\"%(list)s\" comment=%(comment)s]" -mtikcommand = ssh -l %(mtikuser)s -p%(mtikport)s -i %(mtikkeyfile)s %(mtikhost)s +mtikcommand = ssh -l %(user)s -p%(port)s -i %(keyfile)s %(host)s -# Option: mktikuser +# Option: user # Notes.: username to use when connecting to routerOS mtikuser = -# Option: mtikport +# Option: port # Notes.: port to use when connecting to routerOS mtikport = 22 -# Option: mtikkeyfile +# Option: keyfile # Notes.: ssh private key to use for connecting to routerOS mtikkeyfile = -# Option: mtikhost +# Option: host # Notes.: hostname or ip of router mtikhost = -# Option: mtiklistname +# Option: list # Notes.: name of "address-list" to use on router -mtiklistname = Auto Fail2Ban +mtiklistname = Fail2Ban # Option: startcomment # Notes.: used as a prefix to all comments, and used to match for flushing rules startcomment = f2b- -# Option: mtikcomment +# Option: comment # Notes.: comment to use on routerOS (must be unique as used for ip address removal) mtikcomment = %(startcomment)s-
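Review bot: The action lines now interpolate `%(command)s`, `%(list)s` and `%(comment)s`, and the ssh line interpolates `%(user)s`, `%(port)s`, `%(keyfile)s` and `%(host)s`, but the option keys on the new side are still `mtikcommand`, `mtikuser`, `mtikport`, `mtikkeyfile`, `mtikhost`, `mtiklistname` and `mtikcomment`. Unless the short names are defined outside this hunk, `command`, `port` and `comment` have no value at all, and the others have one only when the jail passes them, so the ban and unban commands would presumably fail to build and offending addresses would never reach the router's address list. Rename the keys to match the references as sketched below, then confirm that a test ban appears on the router. The default list name also changes from `Auto Fail2Ban` to `Fail2Ban`, so on upgrade any entries already stored under the old default would no longer be matched by flush or unban.

```ini
# … unchanged: actionstart / actionstop / actionflush / actionban / actionunban …
command = ssh -l %(user)s -p%(port)s -i %(keyfile)s %(host)s

# … unchanged: "# Option:" / "# Notes.:" comment lines for each key below …
user =
port = 22
keyfile =
host =
list = Fail2Ban

# … unchanged: startcomment; the mtikcomment key needs the same rename to "comment", value kept as is …
```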