From d01fe9d22a717a0122143cde41ce5c18a1790f6e Mon Sep 17 00:00:00 2001 From: sebres <serg.brester@sebres.de> Date: Wed, 12 Sep 2018 16:00:40 +0200 Subject: [PATCH] action.d/*.conf: correct comments for actionstart/actionstop --- config/action.d/abuseipdb.conf | 4 ++-- config/action.d/blocklist_de.conf | 4 ++-- config/action.d/bsd-ipfw.conf | 4 ++-- config/action.d/cloudflare.conf | 4 ++-- config/action.d/complain.conf | 4 ++-- config/action.d/dshield.conf | 4 ++-- config/action.d/dummy.conf | 4 ++-- config/action.d/hostsdeny.conf | 4 ++-- config/action.d/ipfilter.conf | 4 ++-- config/action.d/ipfw.conf | 4 ++-- config/action.d/iptables-allports.conf | 4 ++-- config/action.d/iptables-ipset-proto4.conf | 4 ++-- config/action.d/iptables-ipset-proto6-allports.conf | 4 ++-- config/action.d/iptables-ipset-proto6.conf | 4 ++-- config/action.d/iptables-multiport-log.conf | 4 ++-- config/action.d/iptables-multiport.conf | 4 ++-- config/action.d/iptables-new.conf | 4 ++-- config/action.d/iptables-xt_recent-echo.conf | 4 ++-- config/action.d/iptables.conf | 4 ++-- config/action.d/mail-buffered.conf | 4 ++-- config/action.d/mail-whois-lines.conf | 4 ++-- config/action.d/mail-whois.conf | 4 ++-- config/action.d/mail.conf | 4 ++-- config/action.d/mynetwatchman.conf | 4 ++-- config/action.d/nftables-common.conf | 4 ++-- config/action.d/npf.conf | 4 ++-- config/action.d/nsupdate.conf | 4 ++-- config/action.d/osx-ipfw.conf | 4 ++-- config/action.d/pf.conf | 4 ++-- config/action.d/sendmail-buffered.conf | 4 ++-- config/action.d/sendmail-common.conf | 4 ++-- config/action.d/shorewall-ipset-proto6.conf | 4 ++-- config/action.d/shorewall.conf | 4 ++-- config/action.d/symbiosis-blacklist-allports.conf | 4 ++-- 34 files changed, 68 insertions(+), 68 deletions(-) diff --git a/config/action.d/abuseipdb.conf b/config/action.d/abuseipdb.conf index 279c299e..c53ed489 100644 --- a/config/action.d/abuseipdb.conf +++ b/config/action.d/abuseipdb.conf @@ -48,13 +48,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/blocklist_de.conf b/config/action.d/blocklist_de.conf index 3859c637..ba6d427b 100644 --- a/config/action.d/blocklist_de.conf +++ b/config/action.d/blocklist_de.conf @@ -31,13 +31,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/bsd-ipfw.conf b/config/action.d/bsd-ipfw.conf index 4fbe9195..5116b0d8 100644 --- a/config/action.d/bsd-ipfw.conf +++ b/config/action.d/bsd-ipfw.conf @@ -11,14 +11,14 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = ipfw show | fgrep -c -m 1 -s 'table(<table>)' > /dev/null 2>&1 || ( ipfw show | awk 'BEGIN { b = <lowest_rule_num> } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num <blocktype> <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" ) # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = [ ! -f <startstatefile> ] || ( read num < "<startstatefile>" <br> ipfw -q delete $num <br> rm "<startstatefile>" ) diff --git a/config/action.d/cloudflare.conf b/config/action.d/cloudflare.conf index 89df5b9e..1c48a37f 100644 --- a/config/action.d/cloudflare.conf +++ b/config/action.d/cloudflare.conf @@ -15,13 +15,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf index 1f74d635..3a5f882c 100644 --- a/config/action.d/complain.conf +++ b/config/action.d/complain.conf @@ -41,13 +41,13 @@ debug = 0 norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf index 4f2e09ca..c128bef3 100644 --- a/config/action.d/dshield.conf +++ b/config/action.d/dshield.conf @@ -32,13 +32,13 @@ norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = if [ -f <tmpfile>.buffer ]; then diff --git a/config/action.d/dummy.conf b/config/action.d/dummy.conf index 41250c27..eb07e320 100644 --- a/config/action.d/dummy.conf +++ b/config/action.d/dummy.conf @@ -7,7 +7,7 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = if [ ! -z '<target>' ]; then touch <target>; fi; @@ -22,7 +22,7 @@ actionflush = printf %%b "-*\n" <to_target> echo "%(debug)s clear all" # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = if [ ! -z '<target>' ]; then rm -f <target>; fi; diff --git a/config/action.d/hostsdeny.conf b/config/action.d/hostsdeny.conf index 2a93c82b..8eebbaff 100644 --- a/config/action.d/hostsdeny.conf +++ b/config/action.d/hostsdeny.conf @@ -8,13 +8,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/ipfilter.conf b/config/action.d/ipfilter.conf index 61420e38..02091d60 100644 --- a/config/action.d/ipfilter.conf +++ b/config/action.d/ipfilter.conf @@ -9,7 +9,7 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # # enable IPF if not already enabled @@ -17,7 +17,7 @@ actionstart = /sbin/ipf -E # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # # don't disable IPF with "/sbin/ipf -D", there may be other filters in use diff --git a/config/action.d/ipfw.conf b/config/action.d/ipfw.conf index 37625209..956b154b 100644 --- a/config/action.d/ipfw.conf +++ b/config/action.d/ipfw.conf @@ -8,14 +8,14 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/iptables-allports.conf b/config/action.d/iptables-allports.conf index dbea5984..caf9ab81 100644 --- a/config/action.d/iptables-allports.conf +++ b/config/action.d/iptables-allports.conf @@ -14,7 +14,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = <iptables> -N f2b-<name> @@ -22,7 +22,7 @@ actionstart = <iptables> -N f2b-<name> <iptables> -I <chain> -p <protocol> -j f2b-<name> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name> diff --git a/config/action.d/iptables-ipset-proto4.conf b/config/action.d/iptables-ipset-proto4.conf index 30353f36..99ebbf8c 100644 --- a/config/action.d/iptables-ipset-proto4.conf +++ b/config/action.d/iptables-ipset-proto4.conf @@ -24,7 +24,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = ipset --create f2b-<name> iphash @@ -38,7 +38,7 @@ actionstart = ipset --create f2b-<name> iphash actionflush = ipset --flush f2b-<name> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype> diff --git a/config/action.d/iptables-ipset-proto6-allports.conf b/config/action.d/iptables-ipset-proto6-allports.conf index b761ad8c..dc7d63a7 100644 --- a/config/action.d/iptables-ipset-proto6-allports.conf +++ b/config/action.d/iptables-ipset-proto6-allports.conf @@ -23,7 +23,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt> @@ -36,7 +36,7 @@ actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt> actionflush = ipset flush <ipmset> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = <iptables> -D <chain> -m set --match-set <ipmset> src -j <blocktype> diff --git a/config/action.d/iptables-ipset-proto6.conf b/config/action.d/iptables-ipset-proto6.conf index e337eedf..f88777b8 100644 --- a/config/action.d/iptables-ipset-proto6.conf +++ b/config/action.d/iptables-ipset-proto6.conf @@ -23,7 +23,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt> @@ -36,7 +36,7 @@ actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt> actionflush = ipset flush <ipmset> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype> diff --git a/config/action.d/iptables-multiport-log.conf b/config/action.d/iptables-multiport-log.conf index 62c2b4b1..df126dbf 100644 --- a/config/action.d/iptables-multiport-log.conf +++ b/config/action.d/iptables-multiport-log.conf @@ -16,7 +16,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = <iptables> -N f2b-<name> @@ -34,7 +34,7 @@ actionflush = <iptables> -F f2b-<name> <iptables> -F f2b-<name>-log # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name> diff --git a/config/action.d/iptables-multiport.conf b/config/action.d/iptables-multiport.conf index c05f6ffc..41b00c54 100644 --- a/config/action.d/iptables-multiport.conf +++ b/config/action.d/iptables-multiport.conf @@ -11,7 +11,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = <iptables> -N f2b-<name> @@ -19,7 +19,7 @@ actionstart = <iptables> -N f2b-<name> <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name> diff --git a/config/action.d/iptables-new.conf b/config/action.d/iptables-new.conf index 5b316807..39a17099 100644 --- a/config/action.d/iptables-new.conf +++ b/config/action.d/iptables-new.conf @@ -13,7 +13,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = <iptables> -N f2b-<name> @@ -21,7 +21,7 @@ actionstart = <iptables> -N f2b-<name> <iptables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = <iptables> -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name> diff --git a/config/action.d/iptables-xt_recent-echo.conf b/config/action.d/iptables-xt_recent-echo.conf index 1970de14..97449222 100644 --- a/config/action.d/iptables-xt_recent-echo.conf +++ b/config/action.d/iptables-xt_recent-echo.conf @@ -12,7 +12,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # # Changing iptables rules requires root privileges. If fail2ban is @@ -42,7 +42,7 @@ actionstart = if [ `id -u` -eq 0 ];then <iptables> -I <chain> -m recent --update actionflush = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = echo / > /proc/net/xt_recent/<iptname> diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf index bf83e24a..8ed5fdad 100644 --- a/config/action.d/iptables.conf +++ b/config/action.d/iptables.conf @@ -11,7 +11,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = <iptables> -N f2b-<name> @@ -19,7 +19,7 @@ actionstart = <iptables> -N f2b-<name> <iptables> -I <chain> -p <protocol> --dport <port> -j f2b-<name> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = <iptables> -D <chain> -p <protocol> --dport <port> -j f2b-<name> diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf index 88cd623f..325f185b 100644 --- a/config/action.d/mail-buffered.conf +++ b/config/action.d/mail-buffered.conf @@ -10,7 +10,7 @@ norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Hi,\n @@ -20,7 +20,7 @@ actionstart = printf %%b "Hi,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = if [ -f <tmpfile> ]; then diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf index 37e2d9b0..3a3e56b2 100644 --- a/config/action.d/mail-whois-lines.conf +++ b/config/action.d/mail-whois-lines.conf @@ -15,7 +15,7 @@ before = mail-whois-common.conf norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Hi,\n @@ -24,7 +24,7 @@ actionstart = printf %%b "Hi,\n Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on <fq-hostname>" <dest> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = printf %%b "Hi,\n diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf index 1f69f4c6..7fea34c4 100644 --- a/config/action.d/mail-whois.conf +++ b/config/action.d/mail-whois.conf @@ -14,7 +14,7 @@ before = mail-whois-common.conf norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Hi,\n @@ -23,7 +23,7 @@ actionstart = printf %%b "Hi,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = printf %%b "Hi,\n diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf index cfc1cf65..5d8c0e15 100644 --- a/config/action.d/mail.conf +++ b/config/action.d/mail.conf @@ -10,7 +10,7 @@ norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Hi,\n @@ -19,7 +19,7 @@ actionstart = printf %%b "Hi,\n Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = printf %%b "Hi,\n diff --git a/config/action.d/mynetwatchman.conf b/config/action.d/mynetwatchman.conf index 8f3edf9e..b0ab2cc3 100644 --- a/config/action.d/mynetwatchman.conf +++ b/config/action.d/mynetwatchman.conf @@ -28,13 +28,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/nftables-common.conf b/config/action.d/nftables-common.conf index 83311087..37045712 100644 --- a/config/action.d/nftables-common.conf +++ b/config/action.d/nftables-common.conf @@ -25,7 +25,7 @@ after = nftables-common.local nftables_mode = <protocol> dport \{ <port> \} # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = <nftables> add set <nftables_family> <nftables_table> <set_name> \{ type <nftables_type>\; \} @@ -35,7 +35,7 @@ _nft_list = <nftables> --handle --numeric list chain <nftables_family> <nftables _nft_get_handle_id = grep -m1 '<address_family> saddr @<set_name> <blocktype> # handle' | grep -oe ' handle [0-9]*' # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = HANDLE_ID=$(%(_nft_list)s | %(_nft_get_handle_id)s) diff --git a/config/action.d/npf.conf b/config/action.d/npf.conf index 8b00d177..3bbb2f51 100644 --- a/config/action.d/npf.conf +++ b/config/action.d/npf.conf @@ -9,7 +9,7 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # # we don't enable NPF automatically, as it will be enabled elsewhere @@ -17,7 +17,7 @@ actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # # we don't disable NPF automatically either diff --git a/config/action.d/nsupdate.conf b/config/action.d/nsupdate.conf index 7886825c..ef56c6bd 100644 --- a/config/action.d/nsupdate.conf +++ b/config/action.d/nsupdate.conf @@ -42,14 +42,14 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/osx-ipfw.conf b/config/action.d/osx-ipfw.conf index abe4009c..6ff6afdf 100644 --- a/config/action.d/osx-ipfw.conf +++ b/config/action.d/osx-ipfw.conf @@ -9,14 +9,14 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf index 905312c3..933b4de0 100644 --- a/config/action.d/pf.conf +++ b/config/action.d/pf.conf @@ -10,7 +10,7 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # # we don't enable PF automatically; to enable run pfctl -e @@ -35,7 +35,7 @@ actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f- actionstart_on_demand = false # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # # we only disable PF rules we've installed prior diff --git a/config/action.d/sendmail-buffered.conf b/config/action.d/sendmail-buffered.conf index 37bc642d..199c6ce5 100644 --- a/config/action.d/sendmail-buffered.conf +++ b/config/action.d/sendmail-buffered.conf @@ -14,7 +14,7 @@ before = sendmail-common.conf norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname> @@ -27,7 +27,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname> Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = if [ -f <tmpfile> ]; then diff --git a/config/action.d/sendmail-common.conf b/config/action.d/sendmail-common.conf index 46eca9ca..9bf15054 100644 --- a/config/action.d/sendmail-common.conf +++ b/config/action.d/sendmail-common.conf @@ -11,7 +11,7 @@ after = sendmail-common.local [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname> @@ -24,7 +24,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname> Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname> diff --git a/config/action.d/shorewall-ipset-proto6.conf b/config/action.d/shorewall-ipset-proto6.conf index 1ebcfb01..fc7dd24e 100644 --- a/config/action.d/shorewall-ipset-proto6.conf +++ b/config/action.d/shorewall-ipset-proto6.conf @@ -47,7 +47,7 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null; @@ -55,7 +55,7 @@ actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null; fi # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = ipset flush f2b-<name> diff --git a/config/action.d/shorewall.conf b/config/action.d/shorewall.conf index 282b95af..dcef8829 100644 --- a/config/action.d/shorewall.conf +++ b/config/action.d/shorewall.conf @@ -17,13 +17,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/symbiosis-blacklist-allports.conf b/config/action.d/symbiosis-blacklist-allports.conf index c24a8e0a..6fb7d0af 100644 --- a/config/action.d/symbiosis-blacklist-allports.conf +++ b/config/action.d/symbiosis-blacklist-allports.conf @@ -10,13 +10,13 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop =