Merge pull request #905 from TorontoMedia/master

Firewallcmd-multiport.conf and Firewallcmd-allports.conf
2015-01-04 11:23:21 -05:00 · 2015-01-04 11:23:21 -05:00 · a8f26cd2b2
parent 8fc32bb33f 74c3d5d96c
commit a8f26cd2b2
4 changed files with 120 additions and 1 deletions
--- a/4
+++ b/4
@ -30,7 +30,9 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released
     (opposite to simply set failregex/ignoreregex that overwrites it),
     see gh-867.
   - Monit config for fail2ban in /files/monit
-
+   - New actions:
+     - action.d/firewallcmd-multiport and action.d/firewallcmd-allports Thanks Donald Yandt
+     
 - Enhancements:
   * Enable multiport for firewallcmd-new action.  Closes gh-834
   * files/debian-initd migrated from the debian branch and should be
--- a/1
+++ b/1
@ -33,6 +33,7 @@ Daniel B.
 Daniel Black
 David Nutter
 Derek Atkins
+Donald Yandt
 Eric Gerbier
 Enrico Labedzki
 Eugene Hopkinson (SlowRiot)
--- a/config/action.d/firewallcmd-allports.conf
+++ b/config/action.d/firewallcmd-allports.conf
@ -0,0 +1,52 @@
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt 
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
+              firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
+              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -j f2b-<name>
+
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -j f2b-<name>
+             firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
+             firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
+
+
+# Note:  uses regular expression whitespaces '\s' & end of line '$'
+# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | grep -q '\sf2b-recidive$'
+
+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -q '\sf2b-<name>$'
+
+actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+chain = INPUT_direct
+
+# DEV NOTES:
+#
+# Author: Donald Yandt 
+# Uses "FirewallD" instead of the "iptables daemon".
+#
+#
+# Output:
+
+# actionstart:
+# $ firewall-cmd --direct --add-chain ipv4 filter f2b-recidive
+# success
+# $ firewall-cmd --direct --add-rule ipv4 filter f2b-recidive 1000 -j RETURN
+# success
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-recidive
+# success
+
--- a/config/action.d/firewallcmd-multiport.conf
+++ b/config/action.d/firewallcmd-multiport.conf
@ -0,0 +1,64 @@
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt 
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
+              firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
+              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
+
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
+             firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
+             firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
+
+# Note:  uses regular expression whitespaces '\s' & end of line '$'
+# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | grep -q '\sf2b-apache-modsecurity$'
+
+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -q '\sf2b-<name>$'
+
+actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+name = default
+
+chain = INPUT_direct
+
+# Could also use port numbers separated by a comma. 
+port = 1:65535
+
+
+# Option:  protocol
+# Values:  [ tcp | udp | icmp | all ]
+
+protocol = tcp
+
+
+
+# DEV NOTES:
+#
+# Author: Donald Yandt 
+# Uses "FirewallD" instead of the "iptables daemon".
+#
+#
+# Output:
+# actionstart:
+# $ firewall-cmd --direct --add-chain ipv4 filter f2b-apache-modsecurity
+# success
+# $ firewall-cmd --direct --add-rule ipv4 filter f2b-apache-modsecurity 1000 -j RETURN
+# success
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
+# success
+# actioncheck:
+# $ firewall-cmd --direct --get-chains ipv4 filter f2b-apache-modsecurity | grep -q '\sf2b-apache-modsecurity$'
+# f2b-apache-modsecurity
+