# Fail2Ban configuration file # # Author: Donald Yandt # Because of the --remove-rules in stop this action requires firewalld-0.3.8+ [INCLUDES] before = iptables-blocktype.conf [Definition] actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b- firewall-cmd --direct --add-rule ipv4 filter f2b- 1000 -j RETURN firewall-cmd --direct --add-rule ipv4 filter 0 -m state --state NEW -p -m multiport --dports -j f2b- actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m state --state NEW -p -m multiport --dports -j f2b- firewall-cmd --direct --remove-rules ipv4 filter f2b- firewall-cmd --direct --remove-chain ipv4 filter f2b- # Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$' actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-$' actionban = firewall-cmd --direct --add-rule ipv4 filter f2b- 0 -s -j actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b- 0 -s -j [Init] # Default name of the chain name = default chain = INPUT_direct # Could also use port numbers separated by a comma. port = 1:65535 # Option: protocol # Values: [ tcp | udp | icmp | all ] protocol = tcp # DEV NOTES: # # Author: Donald Yandt # Uses "FirewallD" instead of the "iptables daemon". # # # Output: # actionstart: # $ firewall-cmd --direct --add-chain ipv4 filter f2b-apache-modsecurity # success # $ firewall-cmd --direct --add-rule ipv4 filter f2b-apache-modsecurity 1000 -j RETURN # success # $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity # success # actioncheck: # $ firewall-cmd --direct --get-chains ipv4 filter f2b-apache-modsecurity | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$' # f2b-apache-modsecurity