| 192 |
- |
1 |
# Fail2Ban configuration file
|
|
|
2 |
#
|
|
|
3 |
# Author: Guido Bozzetto
|
|
|
4 |
# Modified: Cyril Jaquier
|
|
|
5 |
#
|
|
|
6 |
# make "f2b-<name>" chain to match drop IP
|
|
|
7 |
# make "f2b-<name>-log" chain to log and drop
|
|
|
8 |
# insert a jump to f2b-<name> from -I <chain> if proto/port match
|
|
|
9 |
#
|
|
|
10 |
#
|
|
|
11 |
|
|
|
12 |
[INCLUDES]
|
|
|
13 |
|
|
|
14 |
before = iptables-common.conf
|
|
|
15 |
|
|
|
16 |
[Definition]
|
|
|
17 |
|
|
|
18 |
# Option: actionstart
|
|
|
19 |
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
|
|
|
20 |
# Values: CMD
|
|
|
21 |
#
|
|
|
22 |
actionstart = <iptables> -N f2b-<name>
|
|
|
23 |
<iptables> -A f2b-<name> -j <returntype>
|
|
|
24 |
<iptables> -I <chain> 1 -p <protocol> -m multiport --dports <port> -j f2b-<name>
|
|
|
25 |
<iptables> -N f2b-<name>-log
|
|
|
26 |
<iptables> -I f2b-<name>-log -j LOG --log-prefix "$(expr f2b-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
|
|
|
27 |
<iptables> -A f2b-<name>-log -j <blocktype>
|
|
|
28 |
|
|
|
29 |
# Option: actionflush
|
|
|
30 |
# Notes.: command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
|
|
|
31 |
# Values: CMD
|
|
|
32 |
#
|
|
|
33 |
actionflush = <iptables> -F f2b-<name>
|
|
|
34 |
<iptables> -F f2b-<name>-log
|
|
|
35 |
|
|
|
36 |
# Option: actionstop
|
|
|
37 |
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
|
|
|
38 |
# Values: CMD
|
|
|
39 |
#
|
|
|
40 |
actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
|
|
|
41 |
<actionflush>
|
|
|
42 |
<iptables> -X f2b-<name>
|
|
|
43 |
<iptables> -X f2b-<name>-log
|
|
|
44 |
|
|
|
45 |
# Option: actioncheck
|
|
|
46 |
# Notes.: command executed once before each actionban command
|
|
|
47 |
# Values: CMD
|
|
|
48 |
#
|
|
|
49 |
actioncheck = <iptables> -n -L f2b-<name>-log >/dev/null
|
|
|
50 |
|
|
|
51 |
# Option: actionban
|
|
|
52 |
# Notes.: command executed when banning an IP. Take care that the
|
|
|
53 |
# command is executed with Fail2Ban user rights.
|
|
|
54 |
# Tags: See jail.conf(5) man page
|
|
|
55 |
# Values: CMD
|
|
|
56 |
#
|
|
|
57 |
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j f2b-<name>-log
|
|
|
58 |
|
|
|
59 |
# Option: actionunban
|
|
|
60 |
# Notes.: command executed when unbanning an IP. Take care that the
|
|
|
61 |
# command is executed with Fail2Ban user rights.
|
|
|
62 |
# Tags: See jail.conf(5) man page
|
|
|
63 |
# Values: CMD
|
|
|
64 |
#
|
|
|
65 |
actionunban = <iptables> -D f2b-<name> -s <ip> -j f2b-<name>-log
|
|
|
66 |
|
|
|
67 |
[Init]
|
|
|
68 |
|