From f35345ecaa116823d97a8cb271881fded42d8d46 Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Sat, 14 Dec 2013 00:34:12 +0000
Subject: [PATCH 1/2] ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455
---
ChangeLog | 1 +
THANKS | 1 +
config/action.d/ufw.conf | 33 +++++++++++++++++++++++++++++++++
3 files changed, 35 insertions(+)
create mode 100644 config/action.d/ufw.conf
diff --git a/ChangeLog b/ChangeLog
index a0624630..3af0a227 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,7 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better - remove indentation of name and loglevel while logging to SYSLOG to resolve syslog(-ng) parsing problems. Closes Debian bug #730202. - added squid filter. Thanks Roman Gelfand. + - added ufw action. Thanks Guilhem Lettron. lp-#701522 - New Features:
diff --git a/THANKS b/THANKS
index 6d4845bb..22b724e4 100644
--- a/THANKS
+++ b/THANKS
@@ -31,6 +31,7 @@ ftoppi
 François Boulogne
 Frédéric
 Georgiy Mernov
+Guilhem Lettron
 Guillaume Delvit
 Hanno 'Rince' Wagner
 Iain Lea
diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf
new file mode 100644
index 00000000..21b1fe39
--- /dev/null
+++ b/config/action.d/ufw.conf
@@ -0,0 +1,33 @@
+# Fail2Ban action configuration file for ufw
+#
+# Author: Guilhem Lettron
+# Enhancements: Daniel Black
+
+[Definition]
+
+actionstart =
+
+actionstop =
+
+actioncheck =
+
+actionban = [ -n "" ] && app="app " ; ufw insert from to $app
+
+actionunban = [ -n "" ] && app="app " ; ufw delete from to $app
+
+[Init]
+# Option: insertpos
+# Notes.: The postition number in the firewall list to insert the block rule
+insertpos = 2
+
+# Option: blocktype
+# Notes.: reject or deny
+blocktype = reject
+
+# Option: destination
+# Notes.: The destination address to block in the ufw rule
+destination = any
+
+# Option: application
+# Notes.: application from sudo ufw app list
+application =
From 1ff52dfe4d9c93ddce1cc60878a443a696a496de Mon Sep 17 00:00:00 2001
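Review bot: `actionban` and `actionunban` (the two non-empty `[Definition]` lines) expand `$app` unquoted, so an application name containing a space — which `ufw app list` routinely reports, e.g. `Apache Full` or `Nginx HTTP` — is word-split into extra arguments, ufw rejects the command, and the ban is never applied; the fail2ban substitution tags (`<ip>`, `<insertpos>`, `<blocktype>`, `<destination>`, `<application>`) appear stripped in this rendering, so I am inferring them from the `[Init]` option names. Adding quotes inside the `app="app <application>"` assignment would not help, since an expansion is never re-parsed for quotes; a conditional on each line does, e.g. `actionban = if [ -n "<application>" ]; then ufw insert <insertpos> <blocktype> from <ip> to <destination> app "<application>"; else ufw insert <insertpos> <blocktype> from <ip> to <destination>; fi`, with the same shape for `actionunban` around `ufw delete`. Separately, the `blocktype = reject` default answers the banned host with ICMP/TCP-reset errors that confirm it is being filtered, so `deny` is the more conservative default for a ban rule; if `reject` is kept deliberately, the `# Notes.: reject or deny` comment should say why.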
From: Daniel Black
Date: Sat, 14 Dec 2013 00:40:47 +0000
Subject: [PATCH 2/2] DOC: document ufw a bit more. Change insertpos default to 1 to allow it to work if the user run ufw enable
---
config/action.d/ufw.conf | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf
index 21b1fe39..c826729d 100644
--- a/config/action.d/ufw.conf
+++ b/config/action.d/ufw.conf
@@ -1,7 +1,9 @@
 # Fail2Ban action configuration file for ufw
 #
-# Author: Guilhem Lettron
-# Enhancements: Daniel Black
+# You are required to run "ufw enable" before this will have an effect.
+#
+# The insert position should be approprate to block the required traffic.
+# A number after an allow rule to the application won't be much use.
 
 [Definition]
 
@@ -18,7 +20,7 @@ actionunban = [ -n "" ] && app="app " ; ufw delete
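Review bot: The new header comment tells the operator that nothing happens until `ufw enable` has been run, but the action still cannot detect that state itself: `actioncheck` in the `[Definition]` section, outside this hunk, stays empty, so with ufw disabled or reset every ban is a silent no-op. As far as I recall fail2ban treats a failing `actioncheck` as a broken environment and logs it before retrying, so `actioncheck = ufw status | grep -q 'Status: active'` would turn this documented footgun into a visible error. On the wording, `approprate` on the third added line should be `appropriate`, and the last added line is easier to act on as `# Inserting the block rule after an existing allow rule for the same application has no effect.`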