ENH: consolidate where blocktype is defined for iptables rules

MANIFEST

@@ -98,6 +98,7 @@ config/filter.d/lighttpd-auth.conf
 config/filter.d/recidive.conf
 config/filter.d/roundcube-auth.conf
 config/action.d/dummy.conf
+config/action.d/iptables-blocktype.conf
 config/action.d/iptables-ipset-proto4.conf
 config/action.d/iptables-ipset-proto6.conf
 config/action.d/iptables-xt_recent-echo.conf

config/action.d/iptables-allports.conf

@@ -7,6 +7,11 @@
 # $Revision$
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
 [Definition]
 
 # Option:  actionstart
@@ -64,10 +69,3 @@ protocol = tcp
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
-
-# Option:  blocktype
-# Note:    This is what the action does with rules. This can be any jump target
-#          as per the iptables man page (section 8). Common values are DROP
-#          REJECT, REJECT --reject-with icmp-port-unreachable
-# Values:  STRING
-blocktype = REJECT --reject-with icmp-port-unreachable

config/action.d/iptables-blocktype.conf

@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is a included configuration file and includes the defination for the blocktype
+# used in all iptables based actions by default.
+#
+# The user can override the default in iptables-blocktype.local
+
+[INCLUDES]
+
+after = iptables-blocktype.local
+
+[Init]
+
+# Option:  blocktype
+# Note:    This is what the action does with rules. This can be any jump target
+#          as per the iptables man page (section 8). Common values are DROP
+#          REJECT, REJECT --reject-with icmp-port-unreachable
+# Values:  STRING
+blocktype = REJECT --reject-with icmp-port-unreachable
+

config/action.d/iptables-ipset-proto4.conf

@@ -18,6 +18,10 @@
 # apt-get install ipset xtables-addons-source 
 # module-assistant auto-install xtables-addons
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
 [Definition]
 
 # Option:  actionstart
@@ -68,10 +72,3 @@ port = ssh
 # Values:  [ tcp | udp | icmp | all ] Default: tcp
 #
 protocol = tcp
-
-# Option:  blocktype
-# Note:    This is what the action does with rules. This can be any jump target
-#          as per the iptables man page (section 8). Common values are DROP
-#          REJECT, REJECT --reject-with icmp-port-unreachable
-# Values:  STRING
-blocktype = REJECT --reject-with icmp-port-unreachable

config/action.d/iptables-ipset-proto6.conf

@@ -18,6 +18,11 @@
 # apt-get install ipset xtables-addons-source 
 # module-assistant auto-install xtables-addons
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
 [Definition]
 
 # Option:  actionstart
@@ -74,11 +79,3 @@ protocol = tcp
 # Values:  [ NUM ]  Default: 600
 
 bantime = 600
-
-
-# Option:  blocktype
-# Note:    This is what the action does with rules. This can be any jump target
-#          as per the iptables man page (section 8). Common values are DROP
-#          REJECT, REJECT --reject-with icmp-port-unreachable
-# Values:  STRING
-blocktype = REJECT --reject-with icmp-port-unreachable

config/action.d/iptables-multiport-log.conf

@@ -10,6 +10,10 @@
 # $Revision$
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
 [Definition]
 
 # Option:  actionstart
@@ -78,10 +82,3 @@ protocol = tcp
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
-
-# Option:  blocktype
-# Note:    This is what the action does with rules. This can be any jump target
-#          as per the iptables man page (section 8). Common values are DROP
-#          REJECT, REJECT --reject-with icmp-port-unreachable
-# Values:  STRING
-blocktype = REJECT --reject-with icmp-port-unreachable

config/action.d/iptables-multiport.conf

@@ -5,6 +5,10 @@
 # $Revision$
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
 [Definition]
 
 # Option:  actionstart
@@ -68,10 +72,3 @@ protocol = tcp
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
-
-# Option:  blocktype
-# Note:    This is what the action does with rules. This can be any jump target
-#          as per the iptables man page (section 8). Common values are DROP
-#          REJECT, REJECT --reject-with icmp-port-unreachable
-# Values:  STRING
-blocktype = REJECT --reject-with icmp-port-unreachable

config/action.d/iptables-new.conf

@@ -7,6 +7,11 @@
 # $Revision$
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
 [Definition]
 
 # Option:  actionstart
@@ -70,10 +75,3 @@ protocol = tcp
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
-
-# Option:  blocktype
-# Note:    This is what the action does with rules. This can be any jump target
-#          as per the iptables man page (section 8). Common values are DROP
-#          REJECT, REJECT --reject-with icmp-port-unreachable
-# Values:  STRING
-blocktype = REJECT --reject-with icmp-port-unreachable

config/action.d/iptables-xt_recent-echo.conf

@@ -5,6 +5,11 @@
 # $Revision: 1 $
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
 [Definition]
 
 # Option:  actionstart
@@ -70,10 +75,3 @@ name = default
 # Values:  [ tcp | udp | icmp | all ] Default: tcp
 #
 protocol = tcp
-
-# Option:  blocktype
-# Note:    This is what the action does with rules. This can be any jump target
-#          as per the iptables man page (section 8). Common values are DROP
-#          REJECT, REJECT --reject-with icmp-port-unreachable
-# Values:  STRING
-blocktype = REJECT --reject-with icmp-port-unreachable

config/action.d/iptables.conf

@@ -5,6 +5,10 @@
 # $Revision$
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
 [Definition]
 
 # Option:  actionstart
@@ -68,11 +72,3 @@ protocol = tcp
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
-
-Option:  blocktype
-# Note:    This is what the action does with rules. This can be any jump target
-#          as per the iptables man page (section 8). Common values are DROP
-#          REJECT, REJECT --reject-with icmp-port-unreachable
-# Values:  STRING
-blocktype = REJECT --reject-with icmp-port-unreachable
-