github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1238 from sebres/fix/gh-1216 

Fixed directly defined banaction for allports jails like pam-generic, recidive, etc
pull/1239/head
Serg G. Brester 2015-10-31 13:17:04 +01:00
parent e825e977cc f359ed8c36
commit eef7771b4e
3 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -22,6 +22,8 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
different log messages), which addresses different behavior on different different log messages), which addresses different behavior on different
exit codes of dash and bash (gh-1155) exit codes of dash and bash (gh-1155)
* Fix jail.conf.5 man's section (gh-1226) * Fix jail.conf.5 man's section (gh-1226)
* Fixed default banaction for allports jails like pam-generic, recidive, etc
with new default variable `banaction_allports` (gh-1216)
- New Features: - New Features:
* New filters: * New filters:

7
config/jail.conf
View File

@ -154,6 +154,7 @@ port = 0:65535
# action_* variables. Can be overridden globally or per # action_* variables. Can be overridden globally or per
# section within jail.local file # section within jail.local file
banaction = iptables-multiport banaction = iptables-multiport
banaction_allports = iptables-allports
# The simplest action to take: ban only # The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
@ -713,7 +714,7 @@ maxretry = 5
[recidive] [recidive]
logpath = /var/log/fail2ban.log logpath = /var/log/fail2ban.log
banaction = iptables-allports banaction = %(banaction_allports)s
bantime = 604800 ; 1 week bantime = 604800 ; 1 week
findtime = 86400 ; 1 day findtime = 86400 ; 1 day
maxretry = 5 maxretry = 5
@ -724,7 +725,7 @@ maxretry = 5
[pam-generic] [pam-generic]
# pam-generic filter can be customized to monitor specific subset of 'tty's # pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = iptables-allports banaction = %(banaction_allports)s
logpath = %(syslog_authpriv)s logpath = %(syslog_authpriv)s
@ -770,7 +771,7 @@ maxretry = 1
enabled = false enabled = false
logpath = /opt/sun/comms/messaging64/log/mail.log_current logpath = /opt/sun/comms/messaging64/log/mail.log_current
maxretry = 6 maxretry = 6
banaction = iptables-allports banaction = %(banaction_allports)s
[directadmin] [directadmin]
enabled = false enabled = false

6
man/jail.conf.5
View File

@ -146,6 +146,12 @@ Ensure syslog or the program that generates the log file isn't configured to com
.B logencoding .B logencoding
encoding of log files used for decoding. Default value of "auto" uses current system locale. encoding of log files used for decoding. Default value of "auto" uses current system locale.
.TP .TP
.B banaction
default banning action (iptables-multiport) for all jails specified in the \fI[DEFAULT]\fR section.
.TP
.B banaction_allports
default allports banning action (iptables-allports) for some jails like "pam-generic" or "recidive", specified in the \fI[DEFAULT]\fR section.
.TP
.B action .B action
action(s) from \fI/etc/fail2ban/action.d/\fR without the \fI.conf\fR/\fI.local\fR extension. Arguments can be passed to actions to override the default values from the [Init] section in the action file. Arguments are specified by: action(s) from \fI/etc/fail2ban/action.d/\fR without the \fI.conf\fR/\fI.local\fR extension. Arguments can be passed to actions to override the default values from the [Init] section in the action file. Arguments are specified by:
.RS .RS