github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: consolidate where blocktype is defined for iptables rules

pull/215/head
Daniel Black 2013-05-08 07:52:08 +10:00
parent c7fd777966
commit 9c03ee6d9e
10 changed files with 59 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
MANIFEST
View File

@ -98,6 +98,7 @@ config/filter.d/lighttpd-auth.conf
config/filter.d/recidive.conf
config/filter.d/roundcube-auth.conf
config/action.d/dummy.conf
config/action.d/iptables-blocktype.conf
config/action.d/iptables-ipset-proto4.conf
config/action.d/iptables-ipset-proto6.conf
config/action.d/iptables-xt_recent-echo.conf

12
config/action.d/iptables-allports.conf
View File

@ -7,6 +7,11 @@
# $Revision$
#
[INCLUDES]
before = iptables-blocktype.conf
[Definition]
# Option: actionstart
@ -64,10 +69,3 @@ protocol = tcp
# added
# Values: STRING Default: INPUT
chain = INPUT
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable

22
config/action.d/iptables-blocktype.conf Normal file
View File

@ -0,0 +1,22 @@
# Fail2Ban configuration file
#
# Author: Daniel Black
#
# This is a included configuration file and includes the defination for the blocktype
# used in all iptables based actions by default.
#
# The user can override the default in iptables-blocktype.local
[INCLUDES]
after = iptables-blocktype.local
[Init]
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable

11
config/action.d/iptables-ipset-proto4.conf
View File

@ -18,6 +18,10 @@
# apt-get install ipset xtables-addons-source
# module-assistant auto-install xtables-addons
[INCLUDES]
before = iptables-blocktype.conf
[Definition]
# Option: actionstart
@ -68,10 +72,3 @@ port = ssh
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable

13
config/action.d/iptables-ipset-proto6.conf
View File

@ -18,6 +18,11 @@
# apt-get install ipset xtables-addons-source
# module-assistant auto-install xtables-addons
[INCLUDES]
before = iptables-blocktype.conf
[Definition]
# Option: actionstart
@ -74,11 +79,3 @@ protocol = tcp
# Values: [ NUM ] Default: 600
bantime = 600
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable

11
config/action.d/iptables-multiport-log.conf
View File

@ -10,6 +10,10 @@
# $Revision$
#
[INCLUDES]
before = iptables-blocktype.conf
[Definition]
# Option: actionstart
@ -78,10 +82,3 @@ protocol = tcp
# added
# Values: STRING Default: INPUT
chain = INPUT
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable

11
config/action.d/iptables-multiport.conf
View File

@ -5,6 +5,10 @@
# $Revision$
#
[INCLUDES]
before = iptables-blocktype.conf
[Definition]
# Option: actionstart
@ -68,10 +72,3 @@ protocol = tcp
# added
# Values: STRING Default: INPUT
chain = INPUT
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable

12
config/action.d/iptables-new.conf
View File

@ -7,6 +7,11 @@
# $Revision$
#
[INCLUDES]
before = iptables-blocktype.conf
[Definition]
# Option: actionstart
@ -70,10 +75,3 @@ protocol = tcp
# added
# Values: STRING Default: INPUT
chain = INPUT
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable

12
config/action.d/iptables-xt_recent-echo.conf
View File

@ -5,6 +5,11 @@
# $Revision: 1 $
#
[INCLUDES]
before = iptables-blocktype.conf
[Definition]
# Option: actionstart
@ -70,10 +75,3 @@ name = default
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable

12
config/action.d/iptables.conf
View File

@ -5,6 +5,10 @@
# $Revision$
#
[INCLUDES]
before = iptables-blocktype.conf
[Definition]
# Option: actionstart
@ -68,11 +72,3 @@ protocol = tcp
# added
# Values: STRING Default: INPUT
chain = INPUT
Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable