diff --git a/ChangeLog b/ChangeLog index 6150aea7..1b6b6138 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,8 @@ ver. 0.8.4 (2008/??/??) - stable #1967610. - Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410. +- Added NetBSD ipfilter (ipf command) action. Thanks to Ed + Ravin. Tracker #2484115. ver. 0.8.3 (2008/07/17) - stable ---------- diff --git a/MANIFEST b/MANIFEST index 39ca0df8..00040912 100644 --- a/MANIFEST +++ b/MANIFEST @@ -83,6 +83,7 @@ config/action.d/complain.conf config/action.d/dshield.conf config/action.d/hostsdeny.conf config/action.d/ipfw.conf +config/action.d/ipfilter.conf config/action.d/iptables.conf config/action.d/iptables-allports.conf config/action.d/iptables-multiport.conf diff --git a/config/action.d/ipfilter.conf b/config/action.d/ipfilter.conf new file mode 100644 index 00000000..991d9e58 --- /dev/null +++ b/config/action.d/ipfilter.conf @@ -0,0 +1,57 @@ +# Fail2Ban configuration file +# +# NetBSD ipfilter (ipf command) ban/unban +# +# Author: Ed Ravin +# +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +# enable IPF if not already enabled +actionstart = /sbin/ipf -E + + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +# don't disable IPF with "/sbin/ipf -D", there may be other filters in use +actionstop = + + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address +# number of failures +#