| 34 |
- |
1 |
# Fail2Ban configuration file for Bytemark Symbiosis firewall
|
|
|
2 |
#
|
|
|
3 |
# Author: Yaroslav Halchenko
|
|
|
4 |
#
|
|
|
5 |
|
|
|
6 |
|
|
|
7 |
[Definition]
|
|
|
8 |
|
|
|
9 |
# Option: actionstart
|
|
|
10 |
# Notes.: command executed once at the start of Fail2Ban.
|
|
|
11 |
# Values: CMD
|
|
|
12 |
#
|
|
|
13 |
actionstart =
|
|
|
14 |
|
|
|
15 |
# Option: actionstop
|
|
|
16 |
# Notes.: command executed once at the end of Fail2Ban
|
|
|
17 |
# Values: CMD
|
|
|
18 |
#
|
|
|
19 |
actionstop =
|
|
|
20 |
|
|
|
21 |
# Option: actioncheck
|
|
|
22 |
# Notes.: command executed once before each actionban command
|
|
|
23 |
# Values: CMD
|
|
|
24 |
#
|
|
|
25 |
actioncheck = iptables -n -L <chain>
|
|
|
26 |
|
|
|
27 |
# Option: actionban
|
|
|
28 |
# Notes.: command executed when banning an IP.
|
|
|
29 |
# Values: CMD
|
|
|
30 |
#
|
|
|
31 |
actionban = echo 'all' >| /etc/symbiosis/firewall/blacklist.d/<ip>.auto
|
|
|
32 |
iptables -I <chain> 1 -s <ip> -j <blocktype>
|
|
|
33 |
|
|
|
34 |
# Option: actionunban
|
|
|
35 |
# Notes.: command executed when unbanning an IP.
|
|
|
36 |
# Values: CMD
|
|
|
37 |
#
|
|
|
38 |
actionunban = rm -f /etc/symbiosis/firewall/blacklist.d/<ip>.auto
|
|
|
39 |
iptables -D <chain> -s <ip> -j <blocktype> || :
|
|
|
40 |
|
|
|
41 |
[Init]
|
|
|
42 |
|
|
|
43 |
# Option: chain
|
|
|
44 |
# Notes specifies the iptables chain to which the fail2ban rules should be
|
|
|
45 |
# added to. blacklist is a chain initiated by symbiosis firewall.
|
|
|
46 |
# Values: STRING Default: blacklist
|
|
|
47 |
chain = blacklist
|
|
|
48 |
|
|
|
49 |
# Option: blocktype
|
|
|
50 |
# Note: This is to match default symbiosis firewall type for blacklisted IPs
|
|
|
51 |
# Values: STRING
|
|
|
52 |
blocktype = DROP
|