# Fail2Ban action configuration file for ufw
#
# You are required to run "ufw enable" before this will have any effect.
#
# The insert position should be appropriate to block the required traffic:
# ufw applies the first matching rule, so inserting the ban at a position below
# an existing allow rule for the same application or port leaves it without effect.
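[Definition]

# Nothing to set up or tear down: the ufw ruleset itself is managed by ufw,
# each ban only adds (and each unban removes) a single rule.
actionstart =

actionstop =

# NOTE(review): fail2ban runs actioncheck to verify the firewall state before
# banning/unbanning. With it empty, a flushed or reloaded ufw ruleset (e.g.
# after "ufw disable" / "ufw reload") is not detected, so existing bans silently
# disappear until fail2ban is restarted. A check that "ufw status" reports the
# firewall as active would be a reasonable addition -- TODO confirm desired behaviour.
actioncheck =

# ufw does "quickly process packets for which we already have a connection" in before.rules,
# therefore all related sockets should be closed, otherwise a connection the
# banned address already has open keeps working after the rule is added.
# actionban is using `ss -K` to do so; per ss(8) this only handles IPv4 and IPv6
# sockets and depends on the kernel supporting socket destruction
# (CONFIG_INET_DIAG_DESTROY). Because `ss -K` is the last command of the action,
# its exit status is the action's exit status: the ufw rule is added either way,
# but on a kernel without that support the ban may be reported as failed
# -- TODO confirm how `ss -K` exits on such kernels.
#
# Rule selection: when <application> is set and "ufw app info" knows the
# profile, the rule is scoped to that application; when it is empty or the
# profile is unknown, the fallback rule blocks ALL traffic from <ip> to
# <destination> -- a broader block, never a narrower one.
# <ip> is supplied by fail2ban as a validated address, hence passed unquoted.
# <comment> is not defined in this file: it has to be provided by the jail (or
# by an added [Init] default), otherwise the literal tag text becomes the ufw
# rule comment -- TODO confirm against the fail2ban version in use.
# The continuation lines below must stay indented; fail2ban's config reader
# treats an unindented line as a new option.
actionban = if [ -n "<application>" ] && ufw app info "<application>"
            then
              ufw <add> <blocktype> from <ip> to <destination> app "<application>" comment "<comment>"
            else
              ufw <add> <blocktype> from <ip> to <destination> comment "<comment>"
            fi
            ss -K dst [<ip>]

# Mirror of actionban: the same application test picks which rule form to
# delete, so the ban rule is only found again if the application profile is
# still present (or still absent) at unban time. A profile added or removed
# in between leaves the original rule in place -- TODO confirm whether that
# case matters for this deployment.
actionunban = if [ -n "<application>" ] && ufw app info "<application>"
              then
                ufw delete <blocktype> from <ip> to <destination> app "<application>"
              else
                ufw delete <blocktype> from <ip> to <destination>
              fi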
[Init]

# Option: add
# Notes.: how the ban rule is added to the ufw ruleset. "prepend" places it
#         before all existing rules; can be set to "insert 1" to insert a rule
#         at a certain position (here 1). ufw applies the first matching rule,
#         so a position below an existing allow rule for the same traffic
#         leaves the ban without effect (see the header comment).
add = prepend

# Option: blocktype
# Notes.: reject or deny. "reject" answers the peer (ICMP unreachable / TCP
#         RST), so legitimate clients fail fast but the response confirms a
#         filtering host is present; "deny" drops silently.
blocktype = reject

# Option: destination
# Notes.: The destination address to block in the ufw rule ("any" covers all
#         addresses of this host)
destination = any

# Option: application
# Notes.: application from sudo ufw app list. When set and known to ufw the
#         ban is scoped to that application profile; when empty (default) or
#         unknown, the ban covers all traffic from the address.
application =
# DEV NOTES:
#
# Author: Guilhem Lettron
# Enhancements: Daniel Black