From b3a90d749224e46a43afcb5166a39d4abbdec60c Mon Sep 17 00:00:00 2001 From: Cyril Jaquier Date: Sun, 7 Aug 2005 13:06:56 +0000 Subject: [PATCH] - Changed mask to 16 - Removed "-i eth0". Match all interfaces git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_5@178 a942ae1a-1317-0410-a47c-b1dcaea8d605 --- config/fail2ban.conf.default | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default index 45f063a7..5ec5330c 100644 --- a/config/fail2ban.conf.default +++ b/config/fail2ban.conf.default @@ -45,9 +45,9 @@ bantime = 600 # Notes.: space separated list of IP's to be ignored by fail2ban. # You can use CIDR mask in order to specify a range. # Example: ignoreip = 192.168.0.1/24 123.45.235.65 -# Values: IP Default: 192.168.0.0/24 +# Values: IP Default: 192.168.0.0/16 # -ignoreip = 192.168.0.0/24 +ignoreip = 192.168.0.0/16 # Option: cmdstart # Notes.: command executed once at the start of Fail2Ban @@ -145,14 +145,14 @@ logfile = /var/log/httpd/access_log # Values: CMD Default: # fwstart = iptables -N fail2ban-http - iptables -I INPUT -i eth0 -p tcp --dport http -j fail2ban-http + iptables -I INPUT -p tcp --dport http -j fail2ban-http iptables -A fail2ban-http -j RETURN # Option: fwend # Notes.: command executed once at the end of Fail2Ban # Values: CMD Default: # -fwend = iptables -D INPUT -i eth0 -p tcp --dport http -j fail2ban-http +fwend = iptables -D INPUT -p tcp --dport http -j fail2ban-http iptables -D fail2ban-http -j RETURN iptables -X fail2ban-http 
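Review bot: In the `ignoreip` hunk (`@@ -45,9 +45,9 @@`), the new default `192.168.0.0/16` exempts 65,536 private addresses from banning, so a host anywhere in that range can keep failing authentication without ever being blocked. That is convenient on a trusted home LAN, but it removes the protection where 192.168.x.x hosts are not trusted, such as guest or shared networks and VPN or NAT pools. I would keep the narrower default, or add a line above the setting such as `# Addresses listed here are never banned; narrow this to hosts you trust.`. The example in the context lines, `192.168.0.1/24`, has host bits set and would read more clearly as `192.168.0.0/24`.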
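Review bot: In the HTTP `fwstart`/`fwend` hunk (`@@ -145,14 +145,14 @@`), dropping `-i eth0` makes the jump rule match the loopback interface as well as external ones, and the same holds for the SSH hunk at `@@ -217,14 +217,14 @@`. The default `ignoreip` covers only `192.168.0.0/16`, so if a failure is ever logged with source `127.0.0.1` (a local reverse proxy or health check, for instance), the resulting DROP rule would now block local connections to the service, whereas the old `-i eth0` match never applied to loopback traffic. Consider adding `127.0.0.1` to the default `ignoreip`, or at least noting in the `fwstart` comment that the rules `apply to every interface, including lo`.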
@@ -164,9 +164,9 @@ fwend = iptables -D INPUT -i eth0 -p tcp --dport http -j fail2ban-http # unix timestamp of the last failure # unix timestamp of the ban time # Values: CMD -# Default: iptables -I INPUT 1 -i eth0 -s -j DROP +# Default: iptables -I INPUT 1 -s -j DROP # -fwban = iptables -I fail2ban-http 1 -i eth0 -s -j DROP +fwban = iptables -I fail2ban-http 1 -s -j DROP # Option: fwunban # Notes.: command executed when unbanning an IP. Take care that the @@ -175,9 +175,9 @@ fwban = iptables -I fail2ban-http 1 -i eth0 -s -j DROP # unix timestamp of the ban time # unix timestamp of the unban time # Values: CMD -# Default: iptables -D INPUT -i eth0 -s -j DROP +# Default: iptables -D INPUT -s -j DROP # -fwunban = iptables -D fail2ban-http -i eth0 -s -j DROP +fwunban = iptables -D fail2ban-http -s -j DROP # Option: timeregex # Notes.: regex to match timestamp in Apache logfile. @@ -217,14 +217,14 @@ logfile = /var/log/secure # Values: CMD Default: # fwstart = iptables -N fail2ban-ssh - iptables -I INPUT -i eth0 -p tcp --dport ssh -j fail2ban-ssh + iptables -I INPUT -p tcp --dport ssh -j fail2ban-ssh iptables -A fail2ban-ssh -j RETURN # Option: fwend # Notes.: command executed once at the end of Fail2Ban # Values: CMD Default: # -fwend = iptables -D INPUT -i eth0 -p tcp --dport ssh -j fail2ban-ssh +fwend = iptables -D INPUT -p tcp --dport ssh -j fail2ban-ssh iptables -D fail2ban-ssh -j RETURN iptables -X fail2ban-ssh @@ -236,9 +236,9 @@ fwend = iptables -D INPUT -i eth0 -p tcp --dport ssh -j fail2ban-ssh # unix timestamp of the last failure # unix timestamp of the ban time # Values: CMD -# Default: iptables -I INPUT 1 -i eth0 -s -j DROP +# Default: iptables -I INPUT 1 -s -j DROP # -fwban = iptables -I fail2ban-ssh 1 -i eth0 -s -j DROP +fwban = iptables -I fail2ban-ssh 1 -s -j DROP # Option: fwunbanrule # Notes.: command executed when unbanning an IP. Take care that the 
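Review bot: The `# Default:` comment in the HTTP `fwban` hunk (`@@ -164,9 +164,9 @@`) still documents an insert into `INPUT`, while the value below it inserts into the `fail2ban-http` chain; the commit removed `-i eth0` from the comment but did not bring it in line with the configured command. The same mismatch is in the HTTP `fwunban` hunk at `@@ -175,9 +175,9 @@` and in the SSH hunks at `@@ -236,9 +236,9 @@` and `@@ -247,9 +247,9 @@`. I would make each comment repeat the shipped command, e.g. `# Default: iptables -I fail2ban-http 1 -s -j DROP`, keeping whatever address tag the file carries after `-s`. An admin who copies the documented form puts ban rules directly in `INPUT`, outside the per-service chain that `fwstart` and `fwend` manage.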
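Review bot: The trailing context of the SSH `fwban` hunk (`@@ -236,9 +236,9 @@`) labels the next option `# Option: fwunbanrule`, but the key set in the following hunk is `fwunban`, and the HTTP section's label reads `# Option: fwunban`. Since this commit already edits these comment blocks, the label should be corrected to `# Option: fwunban` so that a search for the key finds its documentation. The comment block continues past the end of the hunk.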
@@ -247,9 +247,9 @@ fwban = iptables -I fail2ban-ssh 1 -i eth0 -s -j DROP # unix timestamp of the ban time # unix timestamp of the unban time # Values: CMD -# Default: iptables -D INPUT -i eth0 -s -j DROP +# Default: iptables -D INPUT -s -j DROP # -fwunban = iptables -D fail2ban-ssh -i eth0 -s -j DROP +fwunban = iptables -D fail2ban-ssh -s -j DROP # Option: timeregex # Notes.: regex to match timestamp in SSH logfile.