#! /bin/sh /usr/share/dpatch/dpatch-run ## 00_iptables_NEW.dpatch by Yaroslav Halchenko ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: No description. @DPATCH@ diff -urNad fail2ban-0.7.4~/config/action.d/iptables-new.conf fail2ban-0.7.4/config/action.d/iptables-new.conf --- fail2ban-0.7.4~/config/action.d/iptables-new.conf 1969-12-31 19:00:00.000000000 -0500 +++ fail2ban-0.7.4/config/action.d/iptables-new.conf 2006-11-10 18:01:27.000000000 -0500 
@@ -0,0 +1,72 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# Copied from iptables.conf and modified by Yaroslav Halchenko +# to fullfill the needs of bugreporter dbts#350746. +# +# $Revision: 394 $ +# + +[Definition] + +# Option: fwstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = iptables -N fail2ban- + iptables -A fail2ban- -j RETURN + iptables -I INPUT -m state --state NEW -p --dport -j fail2ban- + +# Option: fwend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = iptables -D INPUT -m state --state NEW -p --dport -j fail2ban- + iptables -F fail2ban- + iptables -X fail2ban- + +# Option: fwcheck +# Notes.: command executed once before each fwban command +# Values: CMD +# +actioncheck = iptables -L INPUT | grep -q fail2ban- + +# Option: fwban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address +# number of failures +# unix timestamp of the last failure +# unix timestamp of the ban time +# Values: CMD +# +actionban = iptables -I fail2ban- 1 -s -j DROP + +# Option: fwunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address +# unix timestamp of the ban time +# unix timestamp of the unban time +# Values: CMD +# +actionunban = iptables -D fail2ban- -s -j DROP + +[Init] + +# Defaut name of the chain +# +name = default + +# Option: port +# Notes.: specifies port to monitor +# Values: [ NUM | STRING ] Default: +# +port = ssh + +# Option: protocol +# Notes.: internally used by config reader for interpolations. +# Values: [ tcp | udp | icmp | all ] Default: tcp +# +protocol = tcp +
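Review bot: in `actionstart`, `iptables -I INPUT -m state --state NEW -p --dport -j fail2ban-` ties the jump rule to a single `--dport`, yet the `[Init]` comment for `protocol` documents `icmp` and `all` as valid values; iptables rejects `--dport` for those protocols, so with either value `actionstart` fails, the jump never lands in INPUT, and every later `actioncheck` fails as well. Either restrict the documented values to `tcp | udp` or omit `--dport` when the protocol is not tcp/udp. Also, as rendered here the interpolation tags are missing from every command (`-N fail2ban-`, `-p --dport`, `-s -j DROP` carry no chain name, protocol, port or address), so confirm the committed file actually contains the `<name>`, `<protocol>`, `<port>` and `<ip>` tags; `iptables -I fail2ban- 1 -s -j DROP` as shown bans nothing. Two smaller points: the option comments still read `fwstart`/`fwend`/`fwcheck`/`fwban`/`fwunban` while the keys are `actionstart`/`actionstop`/`actioncheck`/`actionban`/`actionunban`, so the comments should be updated to match, and `actioncheck` runs `iptables -L INPUT` without `-n`, which does a reverse DNS lookup for every rule before each ban; `iptables -n -L INPUT | grep -q fail2ban-` avoids the delay on hosts with a slow resolver. Typos in the header comments: `fullfill`, `Defaut`.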