From e74047ae49807a59d06ccfcc48350c2cab35c59a Mon Sep 17 00:00:00 2001
From: Alexander Koeppe <format_c@online.de>
Date: Tue, 17 May 2016 16:27:48 +0200
Subject: [PATCH] revert to common config for PF covering multi and allports

---
 config/action.d/pf-multiport.conf             | 73 -------------------
 config/action.d/{pf-allports.conf => pf.conf} | 11 ++-
 2 files changed, 10 insertions(+), 74 deletions(-)
 delete mode 100644 config/action.d/pf-multiport.conf
 rename config/action.d/{pf-allports.conf => pf.conf} (91%)

diff --git a/config/action.d/pf-multiport.conf b/config/action.d/pf-multiport.conf
deleted file mode 100644
index 6814a9f31..000000000
--- a/config/action.d/pf-multiport.conf
+++ /dev/null
@@ -1,73 +0,0 @@
-# Fail2Ban configuration file
-#
-# OpenBSD pf ban/unban
-#
-# Author: Nick Hilliard <nick@foobar.org>
-# Modified by: Alexander Koeppe making PF work seamless and with IPv4 and IPv6
-#
-#
-
-[Definition]
-
-# Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
-# Values:  CMD
-#
-# we don't enable PF automatically; to enable run pfctl -e 
-# or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD)
-actionstart = echo "table <<tablename>-<name>> persist counters" | pfctl -f- 
-              echo "block proto <protocol> from <<tablename>-<name>> to any port <port>" | pfctl -f-
-
-
-# Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
-# Values:  CMD
-#
-# we only disable PF rules we've installed prior
-actionstop = pfctl -sr 2>/dev/null | grep -v <tablename>-<name> | pfctl -f-
-             pfctl -t <tablename>-<name> -T flush
-             pfctl -t <tablename>-<name> -T kill
-
-
-# Option:  actioncheck
-# Notes.:  command executed once before each actionban command
-# Values:  CMD
-#
-actioncheck = pfctl -sr | grep -q <tablename>-<name>
-
-
-# Option:  actionban
-# Notes.:  command executed when banning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <failures>  number of failures
-#          <time>  unix timestamp of the ban time
-# Values:  CMD
-#
-actionban = pfctl -t <tablename>-<name> -T add <ip>
-
-
-# Option:  actionunban
-# Notes.:  command executed when unbanning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <failures>  number of failures
-#          <time>  unix timestamp of the ban time
-# Values:  CMD
-#
-# note -r option used to remove matching rule
-actionunban = pfctl -t <tablename>-<name> -T delete <ip>
-
-[Init]
-# Option:  tablename
-# Notes.:  The pf table name.
-# Values:  [ STRING ]
-#
-tablename = f2b
-
-# Option:  protocol
-# Notes.:  internally used by config reader for interpolations.
-# Values:  [ tcp | udp | icmp | ipv6-icmp ] Default: tcp
-#
-protocol = tcp
-
diff --git a/config/action.d/pf-allports.conf b/config/action.d/pf.conf
similarity index 91%
rename from config/action.d/pf-allports.conf
rename to config/action.d/pf.conf
index e77bea436..10b0f3285 100644
--- a/config/action.d/pf-allports.conf
+++ b/config/action.d/pf.conf
@@ -16,7 +16,7 @@
 # we don't enable PF automatically; to enable run pfctl -e 
 # or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD)
 actionstart = echo "table <<tablename>-<name>> persist counters" | pfctl -f- 
-              echo "block proto <protocol> from <<tablename>-<name>> to any" | pfctl -f-
+              echo "block proto <protocol> from <<tablename>-<name>> to any <actionoptions>" | pfctl -f-
 
 
 # Option:  actionstop
@@ -71,3 +71,12 @@ tablename = f2b
 #
 protocol = tcp
 
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = telnet
+
+actionoptions = 
+multiport = port <port>