Subversion Repositories configs

# Fail2Ban configuration file

#

# Because of the --remove-rules in stop this action requires firewalld-0.3.8+

[INCLUDES]

before = firewallcmd-common.conf

[Definition]

actionstart = firewall-cmd --direct --add-chain <family> filter f2b-<name>

              firewall-cmd --direct --add-rule <family> filter f2b-<name> 1000 -j RETURN

              firewall-cmd --direct --add-rule <family> filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports "$(echo '<port>' | sed s/:/-/g)" -j f2b-<name>

actionstop = firewall-cmd --direct --remove-rule <family> filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports "$(echo '<port>' | sed s/:/-/g)" -j f2b-<name>

             firewall-cmd --direct --remove-rules <family> filter f2b-<name>

             firewall-cmd --direct --remove-chain <family> filter f2b-<name>

actioncheck = firewall-cmd --direct --get-chains <family> filter | sed -e 's, ,\n,g' | grep -q 'f2b-<name>$'

actionban = firewall-cmd --direct --add-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>

actionunban = firewall-cmd --direct --remove-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>

# DEV NOTES:

#

# Author: Edgar Hoch

# Copied from iptables-new.conf and modified for use with firewalld by Edgar Hoch.

#  It uses "firewall-cmd" instead of "iptables".

#

# Output:

#

# $ firewall-cmd --direct --add-chain ipv4 filter fail2ban-name

# success

# $ firewall-cmd --direct --add-rule ipv4 filter fail2ban-name 1000 -j RETURN

# success

# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 22 -j fail2ban-name

# success

# $ firewall-cmd --direct --get-chains ipv4 filter

# fail2ban-name

# $ firewall-cmd --direct --get-chains ipv4 filter  | od -h

# 0000000 6166 6c69 6232 6e61 6e2d 6d61 0a65

# $ firewall-cmd --direct --get-chains ipv4 filter | grep -Eq 'fail2ban-name( |$)' ; echo $?

# 0

# $ firewall-cmd -V

# 0.3.8