Subversion Repositories configs

Rev

Rev 33 | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
33 - 1
# Fail2Ban configuration file
2
#
3
# Author: Daniel Black
4
#
5
# This is a included configuration file and includes the definitions for the iptables
6
# used in all iptables based actions by default.
7
#
8
# The user can override the defaults in iptables-common.local
9
 
10
[INCLUDES]
11
 
12
after = iptables-blocktype.local
13
        iptables-common.local
14
# iptables-blocktype.local is obsolete
15
 
16
[Init]
17
 
18
# Option:  chain
19
# Notes    specifies the iptables chain to which the Fail2Ban rules should be
20
#          added
21
# Values:  STRING  Default: INPUT
22
chain = INPUT
23
 
24
# Default name of the chain
25
#
26
name = default
27
 
28
# Option:  port
29
# Notes.:  specifies port to monitor
30
# Values:  [ NUM | STRING ]  Default:
31
#
32
port = ssh
33
 
34
# Option:  protocol
35
# Notes.:  internally used by config reader for interpolations.
36
# Values:  [ tcp | udp | icmp | all ] Default: tcp
37
#
38
protocol = tcp
39
 
40
# Option:  blocktype
41
# Note:    This is what the action does with rules. This can be any jump target
42
#          as per the iptables man page (section 8). Common values are DROP
43
#          REJECT, REJECT --reject-with icmp-port-unreachable
44
# Values:  STRING
45
blocktype = REJECT --reject-with icmp-port-unreachable
41 - 46
 
47
# Option:  returntype
48
# Note:    This is the default rule on "actionstart". This should be RETURN
49
#          in all (blocking) actions, except REJECT in allowing actions.
50
# Values:  STRING
51
returntype = RETURN
52
 
53
# Option:  lockingopt
54
# Notes.:  Option was introduced to iptables to prevent multiple instances from
55
#          running concurrently and causing irratic behavior.  -w was introduced
56
#          in iptables 1.4.20, so might be absent on older systems
57
#          See https://github.com/fail2ban/fail2ban/issues/1122
58
# Values:  STRING
59
lockingopt =
60
 
61
# Option:  iptables
62
# Notes.:  Actual command to be executed, including common to all calls options
63
# Values:  STRING
64
iptables = iptables <lockingopt>