# Fail2Ban configuration file
#
# Author: Daniel Black
#
# This is an included configuration file and includes the definitions for the iptables
# used in all iptables based actions by default.
#
# The user can override the defaults in iptables-common.local

[INCLUDES]

after = iptables-blocktype.local
        iptables-common.local
# iptables-blocktype.local is obsolete

[Init]

# Option:  chain
# Notes.:  specifies the iptables chain to which the Fail2Ban rules should be
#          added
# Values:  STRING  Default: INPUT
chain = INPUT

# Default name of the chain
#
name = default

# Option:  port
# Notes.:  specifies port to monitor
# Values:  [ NUM | STRING ]  Default:
#
port = ssh

# Option:  protocol
# Notes.:  internally used by config reader for interpolations.
# Values:  [ tcp | udp | icmp | all ]  Default: tcp
#
protocol = tcp

# Option:  blocktype
# Note:    This is what the action does with rules. This can be any jump target
#          as per the iptables man page (section 8). Common values are DROP,
#          REJECT, REJECT --reject-with icmp-port-unreachable
# Values:  STRING
blocktype = REJECT --reject-with icmp-port-unreachable

# Option:  returntype
# Note:    This is the default rule on "actionstart". This should be RETURN
#          in all (blocking) actions, except REJECT in allowing actions.
# Values:  STRING
returntype = RETURN

# Option:  lockingopt
# Notes.:  Option was introduced to iptables to prevent multiple instances from
#          running concurrently and causing erratic behavior. -w was introduced
#          in iptables 1.4.20, so might be absent on older systems
#          See https://github.com/fail2ban/fail2ban/issues/1122
# Values:  STRING
lockingopt =

# Option:  iptables
# Notes.:  Actual command to be executed, including options common to all calls
# Values:  STRING
iptables = iptables <lockingopt>
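
The lockingopt note above says -w exists only from iptables 1.4.20 on. The script below is an added example, not part of the fail2ban project: it picks the lockingopt value from an `iptables --version` line and prints the matching iptables-common.local override. Function names are hypothetical and the sample version lines are constructed.

```shell
#!/bin/sh
# Added example, not fail2ban code. Function names are hypothetical.

# Extract "1.8.7" from a line such as "iptables v1.8.7 (nf_tables)".
parse_iptables_version() {
    printf '%s\n' "$1" | sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B: succeed when dotted numeric version A >= B.
# Fields are compared as integers, so 1.10 sorts after 1.4.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print the lockingopt value for an "iptables --version" line:
# "-w" from 1.4.20 on, empty for older or unparseable versions.
lockingopt_for() {
    v=$(parse_iptables_version "$1")
    if [ -n "$v" ] && version_ge "$v" 1.4.20; then
        printf '%s' '-w'
    fi
}

# Print the body of an iptables-common.local override for that version line.
render_override() {
    printf '[Init]\nlockingopt = %s\n' "$(lockingopt_for "$1")"
}

# Constructed sample version lines (not captured from a real host).
for line in 'iptables v1.4.7' 'iptables v1.4.21' 'iptables v1.8.7 (nf_tables)'; do
    printf '%s => lockingopt="%s"\n' "$line" "$(lockingopt_for "$line")"
done
```

On a real host, pass the output of `iptables --version` to `render_override` and write the result to iptables-common.local next to this file.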