# Fail2Ban configuration file
# Author: Donald Yandt
# Because actionstop uses --remove-rules, this action requires firewalld 0.3.8+
# Read iptables-common.conf first; this file only overrides what differs.
# NOTE(review): <blocktype> is used below but not defined in this file —
# presumably it comes from iptables-common.conf; verify.
before = iptables-common.conf
actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
# Confirm the jail chain f2b-<name> still exists in the ipv4 filter table.
# sed splits the space-separated chain list one per line so that grep can
# match the whole name (anchored with ^ and $) rather than a prefix such as
# f2b-<name>-something. A non-zero exit tells fail2ban to re-run actionstart.
actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'
# Add a rule at priority 0 in the jail chain that sends packets from the
# banned <ip> to <blocktype>. Priority 0 places it ahead of the RETURN rule
# (priority 1000) installed by actionstart, so the ban is evaluated first.
# <ip> is substituted by fail2ban; <blocktype> is expected from the
# iptables-common.conf included via "before" — it is not defined here.
actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
# Remove the rule installed by actionban. The priority, source and target
# arguments mirror actionban exactly so firewall-cmd locates the same rule;
# keep the two lines in sync when editing either one.
actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
# Default name of the chain
# Suffix for the per-jail chain f2b-<name>. Jails are expected to override
# this so that each jail gets its own chain and bans do not collide.
name = default
# firewalld direct chain into which actionstart hooks the jump to f2b-<name>
# (at priority 0, so bans are evaluated before other direct rules).
chain = INPUT_direct
# Port numbers can also be given as a comma-separated list.
# Destination port(s) passed to -m multiport --dports: a range low:high or a
# comma-separated list. The default matches every port; narrow it per jail to
# the service being protected so only that traffic traverses the jail chain.
port = 1:65535
# Option: protocol
# Values: [ tcp | udp | icmp | all ]
# NOTE(review): actionstart/actionstop combine <protocol> with -m multiport,
# which only matches port-based protocols (tcp, udp, ...); "icmp" or "all"
# from the list above would make the add-rule fail — confirm before relying
# on those values.
protocol = tcp
# Author: Donald Yandt
# Uses "FirewallD" instead of the "iptables daemon".
# Output:
# actionstart:
# $ firewall-cmd --direct --add-chain ipv4 filter f2b-apache-modsecurity
# success
# $ firewall-cmd --direct --add-rule ipv4 filter f2b-apache-modsecurity 1000 -j RETURN
# success
# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
# success
# actioncheck:
# $ firewall-cmd --direct --get-chains ipv4 filter f2b-apache-modsecurity | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
# f2b-apache-modsecurity