fail2ban: Allow the INPUT chain to be customized.
diff --git a/etc/fail2ban/action.d/iptables-multiport.conf b/etc/fail2ban/action.d/iptables-multiport.conf
index 84c7d533a84fd22b2dfc0ff016a24f7576bd0f35..f0aebbac6000f548bde9c9e638d3da29ced0bc6a 100644
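--- a/etc/fail2ban/action.d/iptables-multiport.conf
+++ b/etc/fail2ban/action.d/iptables-multiport.conf
@@ -13,13 +13,13 @@
 #
 actionstart = iptables -N fail2ban-<name>
 iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+ iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 # Option: actionstop
 # Notes.: command executed once at the end of Fail2Ban
 # Values: CMD
 #
-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 iptables -F fail2ban-<name>
 iptables -X fail2ban-<name>
@@ -27,7 +27,7 @@ actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fai
 # Notes.: command executed once before each actionban command
 # Values: CMD
 #
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 # Option: actionban
 # Notes.: command executed when banning an IP. Take care that the
@@ -67,3 +67,8 @@ port = ssh
 #
 protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT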
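Review bot: The new `chain` option in the last hunk is documented only as a free-form STRING, and nothing visible here says the named chain must exist or that traffic for `<port>` must actually reach it. With a value other than INPUT, a missing chain makes the `iptables -I <chain>` line of actionstart fail after `fail2ban-<name>` has already been created, and a chain that is only consulted after an ACCEPT rule means bans are recorded but never enforced. I would state that requirement in the comment, e.g. `# Notes.:  iptables chain that receives the jump to fail2ban-<name>; it must already exist and be traversed before any rule that accepts the protected ports`, which also restores the `Notes.:` spelling the other options use. The actionban and actionunban definitions lie outside the visible hunks, so whether they need the same substitution cannot be judged from here.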