"Fossies" - the Fresh Open Source Software Archive

Member "fail2ban-0.11.1/config/action.d/iptables-ipset-proto6.conf" (11 Jan 2020, 2378 Bytes) of package /linux/misc/fail2ban-0.11.1.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Generic config files source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "iptables-ipset-proto6.conf": 0.10.5_vs_0.11.1.

    1 # Fail2Ban configuration file
    2 #
    3 # Author: Daniel Black
    4 #
    5 # This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
    6 # Use ipset -V to see the protocol and version. Version 4 should use
    7 # iptables-ipset-proto4.conf.
    8 #
    9 # This requires the program ipset which is normally in package called ipset.
   10 #
   11 # IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
   12 #
   13 # If you are running on an older kernel you make need to patch in external
   14 # modules.
   15 #
   16 # Modified: Alexander Koeppe <format_c@online.de>, Serg G. Brester <serg.brester@sebres.de>
   17 #       made config file IPv6 capable (see new section Init?family=inet6)
   18 
   19 [INCLUDES]
   20 
   21 before = iptables-common.conf
   22 
   23 [Definition]
   24 
   25 # Option:  actionstart
   26 # Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
   27 # Values:  CMD
   28 #
   29 actionstart = ipset create <ipmset> hash:ip timeout <default-timeout><familyopt>
   30               <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>
   31 
   32 # Option:  actionflush
   33 # Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
   34 # Values:  CMD
   35 #
   36 actionflush = ipset flush <ipmset>
   37 
   38 # Option:  actionstop
   39 # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
   40 # Values:  CMD
   41 #
   42 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>
   43              <actionflush>
   44              ipset destroy <ipmset>
   45 
   46 # Option:  actionban
   47 # Notes.:  command executed when banning an IP. Take care that the
   48 #          command is executed with Fail2Ban user rights.
   49 # Tags:    See jail.conf(5) man page
   50 # Values:  CMD
   51 #
   52 actionban = ipset add <ipmset> <ip> timeout <bantime> -exist
   53 
   54 actionprolong = %(actionban)s
   55 
   56 # Option:  actionunban
   57 # Notes.:  command executed when unbanning an IP. Take care that the
   58 #          command is executed with Fail2Ban user rights.
   59 # Tags:    See jail.conf(5) man page
   60 # Values:  CMD
   61 #
   62 actionunban = ipset del <ipmset> <ip> -exist
   63 
   64 [Init]
   65 
   66 # Option: default-timeout
   67 # Notes:  specifies default timeout in seconds (handled default ipset timeout only)
   68 # Values:  [ NUM ]  Default: 600
   69 
   70 default-timeout = 600
   71 
   72 ipmset = f2b-<name>
   73 familyopt =
   74 
   75 
   76 [Init?family=inet6]
   77 
   78 ipmset = f2b-<name>6
   79 familyopt = <sp>family inet6