"Fossies" - the Fresh Open Source Software Archive

Member "fail2ban-0.10.4/config/action.d/iptables-ipset-proto6.conf" (4 Oct 2018, 2328 Bytes) of package /linux/misc/fail2ban-0.10.4.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Generic config files source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "iptables-ipset-proto6.conf": 0.10.3.1_vs_0.10.4.

    1 # Fail2Ban configuration file
    2 #
    3 # Author: Daniel Black
    4 #
    5 # This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
    6 # Use ipset -V to see the protocol and version. Version 4 should use
    7 # iptables-ipset-proto4.conf.
    8 #
    9 # This requires the program ipset which is normally in package called ipset.
   10 #
   11 # IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
   12 #
   13 # If you are running on an older kernel you make need to patch in external
   14 # modules.
   15 #
   16 # Modified: Alexander Koeppe <format_c@online.de>, Serg G. Brester <serg.brester@sebres.de>
   17 #       made config file IPv6 capable (see new section Init?family=inet6)
   18 
   19 [INCLUDES]
   20 
   21 before = iptables-common.conf
   22 
   23 [Definition]
   24 
   25 # Option:  actionstart
   26 # Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
   27 # Values:  CMD
   28 #
   29 actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
   30               <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>
   31 
   32 # Option:  actionflush
   33 # Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
   34 # Values:  CMD
   35 #
   36 actionflush = ipset flush <ipmset>
   37 
   38 # Option:  actionstop
   39 # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
   40 # Values:  CMD
   41 #
   42 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>
   43              <actionflush>
   44              ipset destroy <ipmset>
   45 
   46 # Option:  actionban
   47 # Notes.:  command executed when banning an IP. Take care that the
   48 #          command is executed with Fail2Ban user rights.
   49 # Tags:    See jail.conf(5) man page
   50 # Values:  CMD
   51 #
   52 actionban = ipset add <ipmset> <ip> timeout <bantime> -exist
   53 
   54 # Option:  actionunban
   55 # Notes.:  command executed when unbanning an IP. Take care that the
   56 #          command is executed with Fail2Ban user rights.
   57 # Tags:    See jail.conf(5) man page
   58 # Values:  CMD
   59 #
   60 actionunban = ipset del <ipmset> <ip> -exist
   61 
   62 [Init]
   63 
   64 # Option: bantime
   65 # Notes:  specifies the bantime in seconds (handled internally rather than by fail2ban)
   66 # Values:  [ NUM ]  Default: 600
   67 #
   68 bantime = 600
   69 
   70 ipmset = f2b-<name>
   71 familyopt =
   72 
   73 
   74 [Init?family=inet6]
   75 
   76 ipmset = f2b-<name>6
   77 familyopt = <sp>family inet6