fail2ban: Allow the INPUT chain to be customized.

[matthijs/servers/drsnuggles.git] / etc / fail2ban / action.d / iptables-multiport.conf

diff --git a/etc/fail2ban/action.d/iptables-multiport.conf b/etc/fail2ban/action.d/iptables-multiport.conf
index 84c7d533a84fd22b2dfc0ff016a24f7576bd0f35..f0aebbac6000f548bde9c9e638d3da29ced0bc6a 100644 (file)
--- a/etc/fail2ban/action.d/iptables-multiport.conf
+++ b/etc/fail2ban/action.d/iptables-multiport.conf
@@ -13,13 +13,13 @@
 #
 actionstart = iptables -N fail2ban-<name>
               iptables -A fail2ban-<name> -j RETURN
-              iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              iptables -F fail2ban-<name>
              iptables -X fail2ban-<name>
 
@@ -27,7 +27,7 @@ actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fai
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -67,3 +67,8 @@ port = ssh
 #
 protocol = tcp
 
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added
+# Values:  STRING  Default: INPUT
+chain = INPUT