added osx specific ipfw action with random rulenum

2013-08-26 16:06:23 -07:00 · 2013-08-26 16:06:23 -07:00 · ef504c869f
parent 265a85ec1f
commit ef504c869f
1 changed files with 67 additions and 0 deletions
--- a/config/action.d/osx-ipfw.conf
+++ b/config/action.d/osx-ipfw.conf
@ -0,0 +1,67 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger
+# Modified by: Andy Fragen
+#
+# Mod for OS X, using random rulenum
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = 
+
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = 
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+# Values:  CMD
+#
+actionban = ipfw add <rulenum> set 10 deny log tcp from <ip> to <localhost> <port>
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+# Values:  CMD
+#
+actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
+
+[Init]
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]
+#
+port = ssh
+
+# Option:  localhost
+# Notes.:  the local IP address of the network interface
+# Values:  IP
+#
+localhost = 127.0.0.1
+
+# Option: number for ipfw rule
+# Values: 1 - 65535
+# Random value between 10000 and 12000
+rulenum = "`echo $((RANDOM%%2000+10000))`"
+