github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

action.d/ufw.conf: amend to #3018: parameter `kill-mode` extended with conntrack

pull/3064/head
Sergey G. Brester 2021-06-03 12:02:08 +02:00 committed by GitHub
parent c7a86b4616
commit bbfff18280
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config/action.d/ufw.conf
View File

@ -33,13 +33,14 @@ actionunban = if [ -n "<application>" ] && ufw app info "<application>"
fi
# Option: kill-mode
# Notes.: can be set to ss (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
# Notes.: can be set to ss or conntrack (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
# Example: banaction = ufw[kill-mode=ss]
kill-mode =
# intern conditional parameter used to provide killing mode after ban:
_kill_ =
_kill_ss = ss -K dst "[<ip>]"
_kill_conntrack = conntrack -D -s "<ip>"
# Option: kill
# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode