From abd5984234dec44efe1f98c05d124501a60bb146 Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Tue, 11 Dec 2012 22:22:51 +1100
Subject: [PATCH] base ipset support

---
 config/action.d/iptables-ipset-proto4.conf | 58 +++++++++++++++++++
 config/action.d/iptables-ipset-proto6.conf | 65 ++++++++++++++++++++++
 2 files changed, 123 insertions(+)
 create mode 100644 config/action.d/iptables-ipset-proto4.conf
 create mode 100644 config/action.d/iptables-ipset-proto6.conf

diff --git a/config/action.d/iptables-ipset-proto4.conf b/config/action.d/iptables-ipset-proto4.conf
new file mode 100644
index 00000000..21401ad7
--- /dev/null
+++ b/config/action.d/iptables-ipset-proto4.conf
@@ -0,0 +1,58 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# Tested against protocol 4 (ipset v4.2)
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = ipset --create fail2ban- iphash
+ iptables -I INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j DROP
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = iptables -D INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j DROP
+ ipset --flush fail2ban-
+ ipset --destroy fail2ban-
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: IP address
+# Values: CMD
+#
+actionban = ipset --test fail2ban- || ipset --add fail2ban- -exist
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: IP address
+# Values: CMD
+#
+actionunban = ipset --test fail2ban- && ipset --del fail2ban-
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default: ssh
+#
+port = ssh
+
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
diff --git a/config/action.d/iptables-ipset-proto6.conf b/config/action.d/iptables-ipset-proto6.conf
new file mode 100644
index 00000000..084f8738
--- /dev/null
+++ b/config/action.d/iptables-ipset-proto6.conf
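Review bot: `actionstart` runs a bare `ipset --create`, which errors whenever a `fail2ban-<name>` set survived an earlier unclean stop (one where `actionstop` never ran), and the `iptables -I INPUT` line is equally unconditional, so each start can stack another copy of the DROP rule while a single `actionstop` deletes only one; guarding the create the same way `actionban` already guards `--add` (test for the set first, create only when absent) would make start idempotent. The `-exist` appended to `--add` is redundant behind the `ipset --test ... ||` guard, and since the header says this was tested against ipset v4.2 I would confirm that the v4 tool accepts `-exist` at all, because if it rejects it every ban fails. Under `[Init]`, `# Defaut name of the chain` misspells "Default" and, as far as these lines show, `name` is only the suffix of the ipset set name, not an iptables chain (the chain is hard-coded to INPUT); the same comment appears in the proto6 hunk, and a wording such as `# Default suffix of the ipset set name (fail2ban-<name>)` would fit both. Note that the tag placeholders (`<name>`, `<ip>`, `<port>`, `<protocol>`) appear stripped in this rendering, so the intended commands are being read from context.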
@@ -0,0 +1,65 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# Tested against protocol 6 (ipset v6.14)
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = ipset create fail2ban- hash:ip timeout
+ iptables -I INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j DROP
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = iptables -D INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j DROP
+ ipset flush fail2ban-
+ ipset destroy fail2ban-
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: IP address
+# Values: CMD
+#
+actionban = ipset add fail2ban- -exist
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: IP address
+# Values: CMD
+#
+actionunban = ipset del fail2ban- -exist
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default: ssh
+#
+port = ssh
+
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option: bantime
+# Notes: specifies the bantime in seconds (handled internally rather than by fail2ban)
+# Values: [ NUM ] Default: 600
+
+bantime = 600
+
+
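Review bot: The `timeout` given to `ipset create` in `actionstart` makes the kernel expire entries after the action's own `bantime` (600 here), independently of the jail's bantime that drives `actionunban`; with a longer jail bantime an address is unblocked early while fail2ban still records it as banned, and I would not expect it to be re-banned on further failures until fail2ban's own unban fires. The `[Init]` comment should say so rather than "handled internally", e.g. `# Notes: ipset entry timeout in seconds; keep it equal to or above the jail's bantime, otherwise the kernel drops the entry while fail2ban still considers the IP banned`. Whether `ipset add ... -exist` on an entry that is already present refreshes its timeout on v6.14 is not something these lines show; if it does not, a repeat ban leaves the original, shorter expiry in place, which is worth confirming and noting next to `actionban`. The unconditional create/insert in `actionstart` has the same idempotency issue as the proto4 hunk.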