| 192 |
- |
1 |
# Fail2Ban configuration file for Bytemark Symbiosis firewall
|
|
|
2 |
#
|
|
|
3 |
# Author: Yaroslav Halchenko
|
|
|
4 |
#
|
|
|
5 |
|
|
|
6 |
[INCLUDES]
|
|
|
7 |
|
|
|
8 |
before = iptables-common.conf
|
|
|
9 |
|
|
|
10 |
[Definition]
|
|
|
11 |
|
|
|
12 |
# Option: actionstart
|
|
|
13 |
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
|
|
|
14 |
# Values: CMD
|
|
|
15 |
#
|
|
|
16 |
actionstart =
|
|
|
17 |
|
|
|
18 |
# Option: actionstop
|
|
|
19 |
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
|
|
|
20 |
# Values: CMD
|
|
|
21 |
#
|
|
|
22 |
actionstop =
|
|
|
23 |
|
|
|
24 |
# Option: actioncheck
|
|
|
25 |
# Notes.: command executed once before each actionban command
|
|
|
26 |
# Values: CMD
|
|
|
27 |
#
|
|
|
28 |
actioncheck = <iptables> -n -L <chain>
|
|
|
29 |
|
|
|
30 |
# Option: actionban
|
|
|
31 |
# Notes.: command executed when banning an IP.
|
|
|
32 |
# Values: CMD
|
|
|
33 |
#
|
|
|
34 |
actionban = echo 'all' >| /etc/symbiosis/firewall/blacklist.d/<ip>.auto
|
|
|
35 |
<iptables> -I <chain> 1 -s <ip> -j <blocktype>
|
|
|
36 |
|
|
|
37 |
# Option: actionunban
|
|
|
38 |
# Notes.: command executed when unbanning an IP.
|
|
|
39 |
# Values: CMD
|
|
|
40 |
#
|
|
|
41 |
actionunban = rm -f /etc/symbiosis/firewall/blacklist.d/<ip>.auto
|
|
|
42 |
<iptables> -D <chain> -s <ip> -j <blocktype> || :
|
|
|
43 |
|
|
|
44 |
[Init]
|
|
|
45 |
|
|
|
46 |
# Option: chain
|
|
|
47 |
# Notes specifies the iptables chain to which the fail2ban rules should be
|
|
|
48 |
# added to. blacklist is a chain initiated by symbiosis firewall.
|
|
|
49 |
# Values: STRING Default: blacklist
|
|
|
50 |
chain = blacklist
|
|
|
51 |
|
|
|
52 |
# Option: blocktype
|
|
|
53 |
# Note: This is to match default symbiosis firewall type for blacklisted IPs
|
|
|
54 |
# Values: STRING
|
|
|
55 |
blocktype = DROP
|