From a4884f82cd57c2047f8cf1f41c1769493fbfaa22 Mon Sep 17 00:00:00 2001
From: Andy Fragen
Date: Sat, 31 Aug 2013 08:39:19 -0700
Subject: [PATCH] add mods from grooverdan and fix actionunban

actionunban still not working in grooverdan's mod. I made this one grep both and . It should be more specific if the same is banned on multiple ports.
---
config/action.d/osx-ipfw.conf | 45 +++++++++++++++++++++++++----------
1 file changed, 33 insertions(+), 12 deletions(-)

diff --git a/config/action.d/osx-ipfw.conf b/config/action.d/osx-ipfw.conf
index 8cd36df6..4f421ffb 100644
--- a/config/action.d/osx-ipfw.conf
+++ b/config/action.d/osx-ipfw.conf
@@ -1,9 +1,9 @@
# Fail2Ban configuration file
#
# Author: Nick Munger
-# Modified by: Andy Fragen
+# Modified by: Andy Fragen and Daniel Black
#
-# Mod for OS X, using random rulenum
+# Mod for OS X, using random rulenum as OSX ipfw doesn't include tables
#
[Definition]
@@ -35,7 +35,7 @@ actioncheck =
# Tags: IP address
# Values: CMD
#
-actionban = ipfw add set 10 deny log tcp from to
+actionban = ipfw add set log from to
# Option: actionunban
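Review bot: The rule number that the new `actionban` hands to `ipfw add` (the tags are stripped in this rendering; I am reading the names from the [Init] section in the next hunk) is drawn at random from 10000-12000 with no check that the number is free, and the only duplicate-prevention variant is left commented out. ipfw lets several rules share one number and `ipfw delete N` removes every rule carrying N, so a collision means one host's unban can silently lift another host's ban or drop an operator's own rule in that range. Either make the retry loop (`while ipfw show | grep -q ^$a\ ; do ...`) the live `rulenum` definition, or state the reservation in the header comment, e.g. `# NOTE: rule numbers 10000-12000 are chosen at random per ban; keep this range free of other rules`. The actionban line is fully inside the hunk, but the values it expands are defined in [Init] below.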
@@ -44,24 +44,45 @@ actionban = ipfw add set 10 deny log tcp from to
IP address
# Values: CMD
#
-actionunban = ipfw delete `ipfw list | grep -i | awk '{print $1;}'`
+actionunban = ipfw delete `ipfw list | grep -i | grep -i | awk '{print $1;}'`
+#actionunban = ipfw delete `ipfw list | sed -n '/^\([0-9]*\) set log from to ?$/s//\1/p'`
[Init]
# Option: port
-# Notes.: specifies port to monitor
+# Notes.: specifies port to block. Can be blank however may require block="ip"
# Values: [ NUM | STRING ]
#
port = ssh
-# Option: localhost
+# Option: dst
# Notes.: the local IP address of the network interface
-# Values: IP
+# Values: IP, any, me or anything support by ipfw as a dst
#
-localhost = 127.0.0.1
+dst = me
-# Option: number for ipfw rule
-# Values: 1 - 65535
-# Random value between 10000 and 12000
-rulenum = "`echo $((RANDOM%%2000+10000))`"
+# Option: block
+# Notes: This is how much to block.
+# Can be "ip", "tcp", "udp" or various other options.
+# Values: STRING
+block = tcp
+# Option: blocktype
+# Notes.: How to block the traffic. Use a action from man 8 ipfw
+# Common values: deny, unreach port, reset
+# Values: STRING
+#
+blocktype = deny
+
+# Option: set number
+# Notes.: The ipset number this is added to.
+# Values: 0-31
+setnum = 10
+
+# Option: number for ipfw rule
+# Notes: This is meant to be automaticly generated and not overwritten
+# Values: Random value between 10000 and 12000
+rulenum="`echo $((RANDOM%%2000+10000))`"
+
+# Duplicate prevention mechanism
+#rulenum = "`a=$((RANDOM%%2000+10000)); while ipfw show | grep -q ^$a\ ; do a=$((RANDOM%%2000+10000)); done; echo $a`"
\ No newline at end of file
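Review bot: The new `actionunban` picks rules out of `ipfw list` with two unanchored `grep -i` calls, so the match is a substring regex rather than the exact rule: an address such as 10.0.0.1 (each dot matching any character) also matches 10.0.0.10 or 110.0.0.11, and a port like 22 matches 2222, which can make the following `ipfw delete` remove another host's ban or an unrelated rule. The commented-out sed variant on the next line is anchored on the whole rule text and is the safer shape; I would make it the live definition (adjusting its pattern as needed), or at least anchor the grep, e.g. `grep -E ' from <ip> to <dst>( <port>)?( |$)'` with the tags spelled as the rest of the file names them (presumably `<ip>`, `<dst>`, `<port>`; they are stripped in this rendering). Two smaller points in the same hunk: `rulenum="..."` omits the spaces around `=` that every other key in [Init] uses, and the `setnum` note says "ipset number" although ipfw calls this a rule set, so `# Notes.: The ipfw rule set this rule is added to.` avoids confusion with the Linux ipset tool.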