| Line 49... |
Line 49... |
| 49 |
# Option: actionstart
|
49 |
# Option: actionstart
|
| 50 |
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
|
50 |
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
|
| 51 |
# Values: CMD
|
51 |
# Values: CMD
|
| 52 |
#
|
52 |
#
|
| 53 |
actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null;
|
53 |
actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null;
|
| 54 |
then ipset -quiet -exist create f2b-<name> hash:ip timeout <default-timeout>;
|
54 |
then ipset -quiet -exist create f2b-<name> hash:ip timeout <default-ipsettime>;
|
| 55 |
fi
|
55 |
fi
|
| 56 |
|
56 |
|
| 57 |
# Option: actionstop
|
57 |
# Option: actionstop
|
| 58 |
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
|
58 |
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
|
| 59 |
# Values: CMD
|
59 |
# Values: CMD
|
| Line 64... |
Line 64... |
| 64 |
# Notes.: command executed when banning an IP. Take care that the
|
64 |
# Notes.: command executed when banning an IP. Take care that the
|
| 65 |
# command is executed with Fail2Ban user rights.
|
65 |
# command is executed with Fail2Ban user rights.
|
| 66 |
# Tags: See jail.conf(5) man page
|
66 |
# Tags: See jail.conf(5) man page
|
| 67 |
# Values: CMD
|
67 |
# Values: CMD
|
| 68 |
#
|
68 |
#
|
| 69 |
actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist
|
69 |
actionban = ipset add f2b-<name> <ip> timeout <ipsettime> -exist
|
| 70 |
|
70 |
|
| 71 |
actionprolong = %(actionban)s
|
71 |
# actionprolong = %(actionban)s
|
| 72 |
|
72 |
|
| 73 |
# Option: actionunban
|
73 |
# Option: actionunban
|
| 74 |
# Notes.: command executed when unbanning an IP. Take care that the
|
74 |
# Notes.: command executed when unbanning an IP. Take care that the
|
| 75 |
# command is executed with Fail2Ban user rights.
|
75 |
# command is executed with Fail2Ban user rights.
|
| 76 |
# Tags: See jail.conf(5) man page
|
76 |
# Tags: See jail.conf(5) man page
|
| 77 |
# Values: CMD
|
77 |
# Values: CMD
|
| 78 |
#
|
78 |
#
|
| 79 |
actionunban = ipset del f2b-<name> <ip> -exist
|
79 |
actionunban = ipset del f2b-<name> <ip> -exist
|
| 80 |
|
80 |
|
| 81 |
# Option: default-timeout
|
81 |
# Option: default-ipsettime
|
| 82 |
# Notes: specifies default timeout in seconds (handled default ipset timeout only)
|
82 |
# Notes: specifies default timeout in seconds (handled default ipset timeout only)
|
| 83 |
# Values: [ NUM ] Default: 600
|
83 |
# Values: [ NUM ] Default: 0 (no timeout, managed by fail2ban by unban)
|
| - |
|
84 |
default-ipsettime = 0
|
| 84 |
|
85 |
|
| - |
|
86 |
# Option: ipsettime
|
| - |
|
87 |
# Notes: specifies ticket timeout (handled ipset timeout only)
|
| - |
|
88 |
# Values: [ NUM ] Default: 0 (managed by fail2ban by unban)
|
| 85 |
default-timeout = 600
|
89 |
ipsettime = 0
|
| - |
|
90 |
|
| - |
|
91 |
# expresion to caclulate timeout from bantime, example:
|
| - |
|
92 |
# banaction = %(known/banaction)s[ipsettime='<timeout-bantime>']
|
| - |
|
93 |
timeout-bantime = $([ "<bantime>" -le 2147483 ] && echo "<bantime>" || echo 0)
|