sebres
067b76fc9e
Merge branch '0.10' into 0.11
2020-08-04 15:40:59 +02:00
sebres
73a8175bb0
resolves names conflict (command action timeout and ipset timeout); closes gh-2790
2020-08-04 13:22:02 +02:00
sebres
1588200274
Merge branch '0.10' into 0.11
2020-05-25 18:58:05 +02:00
sebres
87a1a2f1a1
action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only)
2020-04-25 14:52:38 +02:00
sebres
8a0c06ba9e
Merge branch '0.10' into 0.11
2018-09-14 11:01:40 +02:00
sebres
d01fe9d22a
action.d/*.conf: correct comments for actionstart/actionstop
2018-09-12 16:01:57 +02:00
sebres
309a1cb337
restore timeout for ipset-based actions: on some systems ipset created without default timeout may cause "Kernel error received: Unknown error -1" (gh-1994);
...
thus new option `default-timeout` introduced (because of dynamical bantime in 0.10, it cannot be used here).
2017-12-06 02:38:10 +01:00
sebres
c21b4e4d56
[ban-time-incr] prolong ban, dynamic bantime, etc.:
...
- dynamic bantime: introduces new action-tag `<bantime>` corresponds to the current ban-time of the ticket;
Note: because it is dynamic, it should be normally removed from `jail.conf` (resp. `jail.local`).
- introduced new action command `actionprolong`, used for prolongation of the timeout (ban-time of the ticket);
- removed default `timeout` from `actionstart` of several actions;
- faster and safer function escapeTag (replacement at once in one run, '\n' and '\r' escaped also);
2017-05-17 13:25:06 +02:00
sebres
d03872fbbf
bulk unban: add new command `actionflush` default for several iptables/iptables-ipset actions (and common include):
...
iptables-common
iptables
iptables-allports
iptables-multiport-log
iptables-multiport
iptables-new
iptables-ipset-proto4
iptables-ipset-proto6
iptables-ipset-proto6-allports
executing `actionflush` command covered for this actions now
2017-03-29 23:24:11 +02:00
sebres
504e5ba6f2
actions support IPv6 now:
...
- introduced "conditional" sections, see for example `[Init?family=inet6]`;
- iptables-common and other iptables config(s) made IPv6 capable;
- several small code optimizations;
* all test cases passed (py3.x compatible);
2016-05-11 16:54:28 +02:00
Yaroslav Halchenko
916937bb6a
RF: use <iptables> to take effect of it being a parameter
2015-07-23 21:38:10 -04:00
SATO Kentaro
65ff3e9604
ENH: Introduce iptables-common.conf.
2014-06-18 19:04:57 +09:00
SATO Kentaro
1e1c4ac62a
ENH: Add <chain> to iptables-ipsets.
2014-06-16 21:30:13 +09:00
Daniel Black
af4feb0c92
Actions to have f2b- as prefix instead of fail2ban- as per #462
2013-11-29 19:08:38 +11:00
Daniel Black
1a5e17f2a3
BF: use blocktype for iptables-ipset-proto6*
2013-10-09 11:59:16 +11:00
Daniel Black
9c03ee6d9e
ENH: consolidate where blocktype is defined for iptables rules
2013-05-08 07:52:08 +10:00
Daniel Black
3b4a7b7926
ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
2013-05-05 15:43:18 +10:00
Daniel Black
67544d1dd6
DOC: tags are documented in the jail.conf(5) man page
2013-03-17 10:52:49 +11:00
Pascal Borreli
a2b29b4875
Fixed typos
2013-03-10 22:05:33 +00:00
Daniel Black
9221886df6
more documentation and optimisations/fixes based on testing
2012-12-31 14:31:37 +11:00
Daniel Black
abd5984234
base ipset support
2012-12-31 14:31:37 +11:00