apply suggestions

pull/2860/head
Duncan Bellamy 2023-03-08 09:29:03 +00:00
parent b892133d51
commit 9b1417a169
1 changed files with 13 additions and 13 deletions


@ -33,14 +33,14 @@
# from address list to server # from address list to server
# #
# example extract from jail.local overriding some defaults # example extract from jail.local overriding some defaults
# action = mikrotik[mtikkeyfile="%(mkeyfile)s", mtikuser="%(muser)s", mtikhost="%(mhost)s", mtiklistname="%(mlistname)s"] # action = mikrotik[keyfile="%(mkeyfile)s", user="%(muser)s", host="%(mhost)s", list="%(mlist)s"]
# #
# ignoreip = 127.0.0.1/8 192.168.0.0/24 # ignoreip = 127.0.0.1/8 192.168.0.0/24
# mkeyfile = /etc/fail2ban/ssh/mykey_id_rsa # mkeyfile = /etc/fail2ban/ssh/mykey_id_rsa
# muser = myuser # muser = myuser
# mhost = 192.168.0.1 # mhost = 192.168.0.1
# mlistname = BAD LIST # mlist = BAD LIST
[Definition] [Definition]
@ -48,35 +48,35 @@ actionstart =
actionstop = %(actionflush)s actionstop = %(actionflush)s
actionflush = %(mtikcommand)s "/ip firewall address-list remove [find list=\"%(mtiklistname)s\" comment~\"%(startcomment)s-*\"]" actionflush = %(command)s "/ip firewall address-list remove [find list=\"%(list)s\" comment~\"%(startcomment)s-*\"]"
actioncheck = actioncheck =
actionban = %(mtikcommand)s "/ip firewall address-list add list=\"%(mtiklistname)s\" address=<ip> comment=%(mtikcomment)s" actionban = %(command)s "/ip firewall address-list add list=\"%(list)s\" address=<ip> comment=%(comment)s"
actionunban = %(mtikcommand)s "/ip firewall address-list remove [find list=\"%(mtiklistname)s\" comment=%(mtikcomment)s]" actionunban = %(command)s "/ip firewall address-list remove [find list=\"%(list)s\" comment=%(comment)s]"
mtikcommand = ssh -l %(mtikuser)s -p%(mtikport)s -i %(mtikkeyfile)s %(mtikhost)s mtikcommand = ssh -l %(user)s -p%(port)s -i %(keyfile)s %(host)s
# Option: mktikuser # Option: user
# Notes.: username to use when connecting to routerOS # Notes.: username to use when connecting to routerOS
mtikuser = mtikuser =
# Option: mtikport # Option: port
# Notes.: port to use when connecting to routerOS # Notes.: port to use when connecting to routerOS
mtikport = 22 mtikport = 22
# Option: mtikkeyfile # Option: keyfile
# Notes.: ssh private key to use for connecting to routerOS # Notes.: ssh private key to use for connecting to routerOS
mtikkeyfile = mtikkeyfile =
# Option: mtikhost # Option: host
# Notes.: hostname or ip of router # Notes.: hostname or ip of router
mtikhost = mtikhost =
# Option: mtiklistname # Option: list
# Notes.: name of "address-list" to use on router # Notes.: name of "address-list" to use on router
mtiklistname = Auto Fail2Ban mtiklistname = Fail2Ban
# Option: startcomment # Option: startcomment
# Notes.: used as a prefix to all comments, and used to match for flushing rules # Notes.: used as a prefix to all comments, and used to match for flushing rules
startcomment = f2b-<name> startcomment = f2b-<name>
# Option: mtikcomment # Option: comment
# Notes.: comment to use on routerOS (must be unique as used for ip address removal) # Notes.: comment to use on routerOS (must be unique as used for ip address removal)
mtikcomment = %(startcomment)s-<ip> mtikcomment = %(startcomment)s-<ip>
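Review bot: The renamed references in the second hunk have no matching definitions on the new side: `actionflush`, `actionban` and `actionunban` now expand `%(command)s`, `%(list)s` and `%(comment)s`, and the ssh line expands `%(user)s`, `%(port)s`, `%(keyfile)s` and `%(host)s`, while the keys below are still `mtikcommand`, `mtikuser`, `mtikport`, `mtikkeyfile`, `mtikhost`, `mtiklistname` and `mtikcomment`. Unless those names are defined outside the visible lines, interpolation cannot resolve them (the jail.local example supplies only `keyfile`, `user`, `host` and `list`, not `command`, `port` or `comment`), so ban and unban commands would likely never reach the router's address list. Renaming the definitions to match, as below, also brings the keys in line with the updated `# Option:` comments. Section headers and blank lines are not visible in this rendering, so key placement is left as the commit has it.

```ini
command = ssh -l %(user)s -p%(port)s -i %(keyfile)s %(host)s
# … unchanged: "# Option:" / "# Notes.:" comment lines above each key …
user =
port = 22
keyfile =
host =
list = Fail2Ban
# … unchanged: startcomment = f2b-<name> …
comment = %(startcomment)s-<ip>
```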