mirror of https://github.com/fail2ban/fail2ban
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
84 lines
2.5 KiB
84 lines
2.5 KiB
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
## 00_iptables_NEW.dpatch by Yaroslav Halchenko <debian@onerussian.com>
|
|
##
|
|
## All lines beginning with `## DP:' are a description of the patch.
|
|
## DP: No description.
|
|
|
|
@DPATCH@
|
|
diff -urNad fail2ban-0.7.4~/config/action.d/iptables-new.conf fail2ban-0.7.4/config/action.d/iptables-new.conf
|
|
--- fail2ban-0.7.4~/config/action.d/iptables-new.conf 1969-12-31 19:00:00.000000000 -0500
|
|
+++ fail2ban-0.7.4/config/action.d/iptables-new.conf 2006-11-10 18:01:27.000000000 -0500
|
|
@@ -0,0 +1,72 @@
|
|
+# Fail2Ban configuration file
|
|
+#
|
|
+# Author: Cyril Jaquier
|
|
+# Copied from iptables.conf and modified by Yaroslav Halchenko
|
|
+# to fullfill the needs of bugreporter dbts#350746.
|
|
+#
|
|
+# $Revision: 394 $
|
|
+#
|
|
+
|
|
+[Definition]
|
|
+
|
|
+# Option: fwstart
|
|
+# Notes.: command executed once at the start of Fail2Ban.
|
|
+# Values: CMD
|
|
+#
|
|
+actionstart = iptables -N fail2ban-<name>
|
|
+ iptables -A fail2ban-<name> -j RETURN
|
|
+ iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
|
|
+
|
|
+# Option: fwend
|
|
+# Notes.: command executed once at the end of Fail2Ban
|
|
+# Values: CMD
|
|
+#
|
|
+actionstop = iptables -D INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
|
|
+ iptables -F fail2ban-<name>
|
|
+ iptables -X fail2ban-<name>
|
|
+
|
|
+# Option: fwcheck
|
|
+# Notes.: command executed once before each fwban command
|
|
+# Values: CMD
|
|
+#
|
|
+actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
|
|
+
|
|
+# Option: fwban
|
|
+# Notes.: command executed when banning an IP. Take care that the
|
|
+# command is executed with Fail2Ban user rights.
|
|
+# Tags: <ip> IP address
|
|
+# <failures> number of failures
|
|
+# <failtime> unix timestamp of the last failure
|
|
+# <bantime> unix timestamp of the ban time
|
|
+# Values: CMD
|
|
+#
|
|
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
|
|
+
|
|
+# Option: fwunban
|
|
+# Notes.: command executed when unbanning an IP. Take care that the
|
|
+# command is executed with Fail2Ban user rights.
|
|
+# Tags: <ip> IP address
|
|
+# <bantime> unix timestamp of the ban time
|
|
+# <unbantime> unix timestamp of the unban time
|
|
+# Values: CMD
|
|
+#
|
|
+actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
|
|
+
|
|
+[Init]
|
|
+
|
|
+# Defaut name of the chain
|
|
+#
|
|
+name = default
|
|
+
|
|
+# Option: port
|
|
+# Notes.: specifies port to monitor
|
|
+# Values: [ NUM | STRING ] Default:
|
|
+#
|
|
+port = ssh
|
|
+
|
|
+# Option: protocol
|
|
+# Notes.: internally used by config reader for interpolations.
|
|
+# Values: [ tcp | udp | icmp | all ] Default: tcp
|
|
+#
|
|
+protocol = tcp
|
|
+
|