
Member "fail2ban-0.11.1/config/action.d/firewallcmd-ipset.conf" (11 Jan 2020, 2286 Bytes) of package /linux/misc/fail2ban-0.11.1.tar.gz:



    1 # Fail2Ban action file for firewall-cmd/ipset
    2 #
    3 # This requires:
    4 # ipset (package: ipset)
    5 # firewall-cmd (package: firewalld)
    6 #
    7 # This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
    8 # Use ipset -V to see the protocol and version.
    9 #
   10 # IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
   11 #
   12 # If you are running on an older kernel you make need to patch in external
   13 # modules.
   14 
   15 [INCLUDES]
   16 
   17 before = firewallcmd-common.conf
   18 
   19 [Definition]
   20 
   21 actionstart = ipset create <ipmset> hash:ip timeout <default-timeout><familyopt>
   22               firewall-cmd --direct --add-rule <family> filter <chain> 0 <actiontype> -m set --match-set <ipmset> src -j <blocktype>
   23 
   24 actionflush = ipset flush <ipmset>
   25 
   26 actionstop = firewall-cmd --direct --remove-rule <family> filter <chain> 0 <actiontype> -m set --match-set <ipmset> src -j <blocktype>
   27              <actionflush>
   28              ipset destroy <ipmset>
   29 
   30 actionban = ipset add <ipmset> <ip> timeout <bantime> -exist
   31 
   32 actionprolong = %(actionban)s
   33 
   34 actionunban = ipset del <ipmset> <ip> -exist
   35 
   36 [Init]
   37 
   38 # Option:  chain
   39 # Notes    specifies the iptables chain to which the fail2ban rules should be
   40 #          added
   41 # Values:  [ STRING ]
   42 #
   43 chain = INPUT_direct
   44 
   45 # Option: default-timeout
   46 # Notes:  specifies default timeout in seconds (handled default ipset timeout only)
   47 # Values:  [ NUM ]  Default: 600
   48 
   49 default-timeout = 600
   50 
   51 # Option: actiontype
   52 # Notes.: defines additions to the blocking rule
   53 # Values: leave empty to block all attempts from the host
   54 # Default: Value of the multiport
   55 actiontype = <multiport>
   56 
   57 # Option: allports
   58 # Notes.: default addition to block all ports
   59 # Usage.: use in jail config:  banaction = firewallcmd-ipset[actiontype=<allports>]
   60 #         for all protocols:   banaction = firewallcmd-ipset[actiontype=""]
   61 allports = -p <protocol>
   62 
   63 # Option: multiport
   64 # Notes.: addition to block access only to specific ports
   65 # Usage.: use in jail config:  banaction = firewallcmd-ipset[actiontype=<multiport>]
   66 multiport = -p <protocol> -m multiport --dports <port>
   67 
   68 ipmset = f2b-<name>
   69 familyopt =
   70 
   71 [Init?family=inet6]
   72 
   73 ipmset = f2b-<name>6
   74 familyopt = <sp>family inet6
   75 
   76 
   77 # DEV NOTES:
   78 #
   79 # Author: Edgar Hoch and Daniel Black
   80 # firewallcmd-new / iptables-ipset-proto6 combined for maximium goodness