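# Fail2Ban configuration file
#
# Author: Donald Yandt
#
# Bans with FirewallD "direct" rules instead of driving iptables itself.
# None of the firewall-cmd calls below pass --permanent, so every chain and
# rule is runtime-only: a firewalld reload drops them until actionstart
# runs again.
#
# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
#
# Every rule is IPv4 only (family "ipv4" on each firewall-cmd call). An IPv6
# address cannot be inserted into an ipv4 direct rule, so bans of IPv6
# offenders are not enforced by this action.

[INCLUDES]

# Provides <blocktype> and the shared tag defaults used below.
before = iptables-common.conf

[Definition]

# Create the per-jail chain, terminate it with RETURN at priority 1000 (so it
# sorts after the priority-0 ban rules), then jump to it from <chain> for new
# connections on the configured protocol and ports.
actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
              firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>

# Unhook, flush, then delete the chain, in that order.
# The jump rule must be spelled exactly as in actionstart or firewalld
# will not find it to remove. --remove-rules needs firewalld 0.3.8+.
actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
             firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
             firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>

# --get-chains lists the chain names space-separated; sed puts one per line so
# the anchored grep cannot match a jail name that is a prefix or suffix of
# another (e.g. f2b-ssh inside f2b-ssh-ddos). grep -q prints nothing; only
# its exit status is used.
# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'

# Ban rules are added at priority 0, ahead of the RETURN rule at 1000.
actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>

# Must mirror actionban exactly so the removal matches the installed rule.
actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>

[Init]

# Default name of the chain
name = default

# firewalld's direct-rule hook chain in the filter table; the jump to
# f2b-<name> is inserted here.
chain = INPUT_direct

# Could also use port numbers separated by a comma.
# The value is handed to -m multiport --dports: a range uses ':', a list ','.
port = 1:65535

# Option: protocol
# Values: [ tcp | udp | icmp | all ]
# NOTE: the rules use -m multiport, which iptables accepts only with port-based
# protocols (tcp, udp, sctp, dccp, udplite). With icmp or all the jump rule is
# rejected, actionstart fails, and nothing is banned.
protocol = tcp

# DEV NOTES:
#
# Author: Donald Yandt
# Uses "FirewallD" instead of the "iptables daemon".
#
#
# Output (jail "apache-modsecurity" with port = 80,443):
# actionstart:
# $ firewall-cmd --direct --add-chain ipv4 filter f2b-apache-modsecurity
# success
# $ firewall-cmd --direct --add-rule ipv4 filter f2b-apache-modsecurity 1000 -j RETURN
# success
# $ firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
# success
# actioncheck:
# $ firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
# (no output; exit status 0 when the chain exists, 1 otherwise)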