mirror of https://github.com/fail2ban/fail2ban
add mods from grooverdan and fix actionunban
actionunban still not working in grooverdan's mod. I made this one grep both <ip> and <port>. It should be more specific if the same <ip> is banned on multiple ports.pull/340/head
Andy Fragen
parent
ef504c869f
commit
a4884f82cd
|
|
@ -1,9 +1,9 @@
|
||||||
# Fail2Ban configuration file
|
# Fail2Ban configuration file
|
||||||
#
|
#
|
||||||
# Author: Nick Munger
|
# Author: Nick Munger
|
||||||
# Modified by: Andy Fragen
|
# Modified by: Andy Fragen and Daniel Black
|
||||||
#
|
#
|
||||||
# Mod for OS X, using random rulenum
|
# Mod for OS X, using random rulenum as OSX ipfw doesn't include tables
|
||||||
#
|
#
|
||||||
|
|
||||||
[Definition]
|
[Definition]
|
||||||
|
|
@ -35,7 +35,7 @@ actioncheck =
|
||||||
# Tags: <ip> IP address
|
# Tags: <ip> IP address
|
||||||
# Values: CMD
|
# Values: CMD
|
||||||
#
|
#
|
||||||
actionban = ipfw add <rulenum> set 10 deny log tcp from <ip> to <localhost> <port>
|
actionban = ipfw add <rulenum> set <setnum> <blocktype> log <block> from <ip> to <dst> <port>
|
||||||
|
|
||||||
|
|
||||||
# Option: actionunban
|
# Option: actionunban
|
||||||
|
|
@ -44,24 +44,45 @@ actionban = ipfw add <rulenum> set 10 deny log tcp from <ip> to <localhost> <por
|
||||||
# Tags: <ip> IP address
|
# Tags: <ip> IP address
|
||||||
# Values: CMD
|
# Values: CMD
|
||||||
#
|
#
|
||||||
actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
|
actionunban = ipfw delete `ipfw list | grep -i <ip> | grep -i <port> | awk '{print $1;}'`
|
||||||
|
#actionunban = ipfw delete `ipfw list | sed -n '/^\([0-9]*\) set <setnum> <blocktype> log <block> from <ip> to <dst> ?<port>$/s//\1/p'`
|
||||||
|
|
||||||
[Init]
|
[Init]
|
||||||
|
|
||||||
# Option: port
|
# Option: port
|
||||||
# Notes.: specifies port to monitor
|
# Notes.: specifies port to block. Can be blank however may require block="ip"
|
||||||
# Values: [ NUM | STRING ]
|
# Values: [ NUM | STRING ]
|
||||||
#
|
#
|
||||||
port = ssh
|
port = ssh
|
||||||
|
|
||||||
# Option: localhost
|
# Option: dst
|
||||||
# Notes.: the local IP address of the network interface
|
# Notes.: the local IP address of the network interface
|
||||||
# Values: IP
|
# Values: IP, any, me or anything support by ipfw as a dst
|
||||||
#
|
#
|
||||||
localhost = 127.0.0.1
|
dst = me
|
||||||
|
|
||||||
# Option: number for ipfw rule
|
# Option: block
|
||||||
# Values: 1 - 65535
|
# Notes: This is how much to block.
|
||||||
# Random value between 10000 and 12000
|
# Can be "ip", "tcp", "udp" or various other options.
|
||||||
rulenum = "`echo $((RANDOM%%2000+10000))`"
|
# Values: STRING
|
||||||
|
block = tcp
|
||||||
|
|
||||||
|
# Option: blocktype
|
||||||
|
# Notes.: How to block the traffic. Use a action from man 8 ipfw
|
||||||
|
# Common values: deny, unreach port, reset
|
||||||
|
# Values: STRING
|
||||||
|
#
|
||||||
|
blocktype = deny
|
||||||
|
|
||||||
|
# Option: set number
|
||||||
|
# Notes.: The ipset number this is added to.
|
||||||
|
# Values: 0-31
|
||||||
|
setnum = 10
|
||||||
|
|
||||||
|
# Option: number for ipfw rule
|
||||||
|
# Notes: This is meant to be automaticly generated and not overwritten
|
||||||
|
# Values: Random value between 10000 and 12000
|
||||||
|
rulenum="`echo $((RANDOM%%2000+10000))`"
|
||||||
|
|
||||||
|
# Duplicate prevention mechanism
|
||||||
|
#rulenum = "`a=$((RANDOM%%2000+10000)); while ipfw show | grep -q ^$a\ ; do a=$((RANDOM%%2000+10000)); done; echo $a`"
|
||||||
Loading…
Reference in New Issue