github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Update ufw.conf 

Prerequisites:
* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY.
* Ufw version is => 0.36 (released in 2018)

* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses.
* Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532
* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open.
   Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option.
   My system apparently is compiled that way.
pull/3018/head
usernamepi 2021-05-06 13:44:36 +02:00 committed by GitHub
parent 71ce548117
commit e4e7a83cff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
config/action.d/ufw.conf
View File

@ -13,17 +13,26 @@ actionstop =
actioncheck = actioncheck =
actionban = [ -n "<application>" ] && app="app <application>" # ufw does "quickly process packets for which we already have a connection" in before.rules,
ufw insert <insertpos> <blocktype> from <ip> to <destination> $app # therefore all related sockets should be closed
# actionban is using `ss` to do so, this only handles IPv4 and IPv6.
actionunban = [ -n "<application>" ] && app="app <application>" actionban = if [ -n "<application>" ] && ufw app info "<application>"
ufw delete <blocktype> from <ip> to <destination> $app then
ufw prepend <blocktype> from <ip> to <destination> app "<application>" comment "<comment>"
else
ufw prepend <blocktype> from <ip> to <destination> comment "<comment>"
fi
ss -K dst [<ip>]
actionunban = if [ -n "<application>" ] && ufw app info "<application>"
then
ufw delete <blocktype> from <ip> to <destination> app "<application>"
else
ufw delete <blocktype> from <ip> to <destination>
fi
[Init] [Init]
# Option: insertpos
# Notes.: The position number in the firewall list to insert the block rule
insertpos = 1
# Option: blocktype # Option: blocktype
# Notes.: reject or deny # Notes.: reject or deny
blocktype = reject blocktype = reject