# Fail2Ban configuration file # # Because of the --remove-rules in stop this action requires firewalld-0.3.8+ [INCLUDES] before = iptables-blocktype.conf [Definition] actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b- firewall-cmd --direct --add-rule ipv4 filter f2b- 1000 -j RETURN firewall-cmd --direct --add-rule ipv4 filter 0 -m state --state NEW -p --dport -j f2b- actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m state --state NEW -p --dport -j f2b- firewall-cmd --direct --remove-rules ipv4 filter f2b- firewall-cmd --direct --remove-chain ipv4 filter f2b- actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -q 'f2b-$' actionban = firewall-cmd --direct --add-rule ipv4 filter f2b- 0 -s -j actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b- 0 -s -j [Init] # Default name of the chain # name = default # Option: port # Notes.: specifies port to monitor # Values: [ NUM | STRING ] # port = ssh # Option: protocol # Notes.: internally used by config reader for interpolations. # Values: [ tcp | udp | icmp | all ] # protocol = tcp # Option: chain # Notes specifies the iptables chain to which the fail2ban rules should be # added # Values: [ STRING ] # chain = INPUT_direct # DEV NOTES: # # Author: Edgar Hoch # Copied from iptables-new.conf and modified for use with firewalld by Edgar Hoch. # It uses "firewall-cmd" instead of "iptables". # # Output: # # $ firewall-cmd --direct --add-chain ipv4 filter fail2ban-name # success # $ firewall-cmd --direct --add-rule ipv4 filter fail2ban-name 1000 -j RETURN # success # $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp --dport 22 -j fail2ban-name # success # $ firewall-cmd --direct --get-chains ipv4 filter # fail2ban-name # $ firewall-cmd --direct --get-chains ipv4 filter | od -h # 0000000 6166 6c69 6232 6e61 6e2d 6d61 0a65 # $ firewall-cmd --direct --get-chains ipv4 filter | grep -Eq 'fail2ban-name( |$)' ; echo $? # 0 # $ firewall-cmd -V # 0.3.8