From 549adc42a17671f25ef98ea72c4ad25593b28a09 Mon Sep 17 00:00:00 2001
From: Matthijs Kooijman
Date: Thu, 10 Sep 2009 12:40:46 +0200
Subject: [PATCH 1/1] Add default iptables-multiport fail2ban action. This will config file will be modified in the next commit.
---
etc/fail2ban/action.d/iptables-multiport.conf | 69 +++++++++++++++++++
1 file changed, 69 insertions(+)
create mode 100644 etc/fail2ban/action.d/iptables-multiport.conf
diff --git a/etc/fail2ban/action.d/iptables-multiport.conf b/etc/fail2ban/action.d/iptables-multiport.conf
new file mode 100644
index 0000000..84c7d53
--- /dev/null
+++ b/etc/fail2ban/action.d/iptables-multiport.conf
@@ -0,0 +1,69 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified by Yaroslav Halchenko for multiport banning
+# $Revision: 658 $
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = iptables -N fail2ban-
+ iptables -A fail2ban- -j RETURN
+ iptables -I INPUT -p -m multiport --dports -j fail2ban-
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = iptables -D INPUT -p -m multiport --dports -j fail2ban-
+ iptables -F fail2ban-
+ iptables -X fail2ban-
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck = iptables -n -L INPUT | grep -q fail2ban-
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: IP address
+# number of failures
+#