|
|
|
|
@ -151,22 +151,22 @@ port = 0:65535
|
|
|
|
|
banaction = iptables-multiport
|
|
|
|
|
|
|
|
|
|
# The simplest action to take: ban only
|
|
|
|
|
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
|
|
|
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
|
|
|
|
|
|
|
|
# ban & send an e-mail with whois report to the destemail.
|
|
|
|
|
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
|
|
|
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
|
|
|
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
|
|
|
|
|
|
|
|
# ban & send an e-mail with whois report and relevant log lines
|
|
|
|
|
# to the destemail.
|
|
|
|
|
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
|
|
|
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
|
|
|
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
|
|
|
|
|
|
|
|
|
|
# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
|
|
|
|
|
#
|
|
|
|
|
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
|
|
|
|
|
# to the destemail.
|
|
|
|
|
action_xarf = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
|
|
|
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
|
|
|
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Yaroslav Halchenko
10 years ago