# Fail2Ban configuration file
#
# Author: Guido Bozzetto
# Modified: Cyril Jaquier
#
# Creates a "fail2ban-<name>" chain that matches banned IPs and a
# "fail2ban-<name>-log" chain that logs (rate-limited) and then applies
# <blocktype>, and inserts a jump to fail2ban-<name> at the top of <chain>
# for packets matching <protocol>/<port>.
#
# Every iptables call goes through /usr/local/sbin/iptables-wrapper rather
# than iptables itself; what that wrapper does is not shown in this file.
#
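[INCLUDES]

# Provides the <blocktype> tag referenced by actionstart below (the target
# applied after logging). The block target is chosen there, not in this file.
before = iptables-blocktype.conf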
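[Definition]

# Every command below is run through /usr/local/sbin/iptables-wrapper instead
# of iptables directly. The jail-supplied tags (<name>, <chain>, <protocol>,
# <port>, <ip>, <mask>) are interpolated straight into its argument list.
# NOTE(review): if the wrapper is what grants these commands root (sudoers
# rule, setuid, capability), it must validate or whitelist its arguments;
# otherwise any jail-writable tag becomes an arbitrary iptables invocation
# running with elevated rights -- confirm what the wrapper enforces.
#
# Multi-line values are continuation lines and must stay indented under the
# option name; an unindented continuation is a parse error.

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
#         1. fail2ban-<name>: per-jail ban chain, ending in RETURN so traffic
#            from unbanned sources falls back into <chain>.
#         2. The jump from <chain> is inserted at position 1, so it takes
#            precedence over every existing rule for <protocol>/<port>.
#         3. fail2ban-<name>-log: LOG then <blocktype>. The "-m limit"
#            (6/min, burst 2) is attached to the LOG rule only; the
#            <blocktype> rule on the following line is unconditional, so
#            rate-limiting affects log volume, never the block itself.
#         The $(expr ...) substitution truncates "fail2ban-<name>" to 23
#         characters so that prefix + ":DROP " (6) stays at 29; it relies on
#         the action being executed by a shell, so <name> should contain only
#         plain chain-name characters.
# Values: CMD
#
actionstart = /usr/local/sbin/iptables-wrapper -N fail2ban-<name>
              /usr/local/sbin/iptables-wrapper -A fail2ban-<name> -j RETURN
              /usr/local/sbin/iptables-wrapper -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              /usr/local/sbin/iptables-wrapper -N fail2ban-<name>-log
              /usr/local/sbin/iptables-wrapper -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
              /usr/local/sbin/iptables-wrapper -A fail2ban-<name>-log -j <blocktype>

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban.
#         The jump out of <chain> is deleted first, so no packet is sent into
#         a chain that is being flushed; both chains are then flushed and
#         removed. "-D" deletes one matching rule: if an earlier unclean
#         shutdown left a duplicate jump in <chain>, that copy remains.
# Values: CMD
#
actionstop = /usr/local/sbin/iptables-wrapper -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
             /usr/local/sbin/iptables-wrapper -F fail2ban-<name>
             /usr/local/sbin/iptables-wrapper -F fail2ban-<name>-log
             /usr/local/sbin/iptables-wrapper -X fail2ban-<name>
             /usr/local/sbin/iptables-wrapper -X fail2ban-<name>-log

# Option: actioncheck
# Notes.: command executed once before each actionban command.
#         Only verifies that fail2ban-<name>-log can be listed; it does not
#         check that the jump from <chain> set up by actionstart is still in
#         place. If that jump is removed out-of-band (e.g. a firewall reload)
#         bans keep being inserted into a chain nothing routes traffic to.
# Values: CMD
#
actioncheck = /usr/local/sbin/iptables-wrapper -n -L fail2ban-<name>-log >/dev/null

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
#         The rule is inserted at position 1 of fail2ban-<name>, i.e. ahead
#         of the RETURN appended by actionstart. <mask> comes from [Init]
#         (default 32, a single IPv4 host).
#         NOTE(review): nothing here distinguishes IPv6 addresses; an IPv6
#         <ip> with /32 is not a host match and plain iptables would reject it
#         -- confirm the wrapper or jail never feeds IPv6 to this action.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = /usr/local/sbin/iptables-wrapper -I fail2ban-<name> 1 -s <ip>/<mask> -j fail2ban-<name>-log

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
#         Must mirror actionban exactly (same <ip>/<mask> and target) for the
#         "-D" to find the rule; a changed mask between ban and unban leaves
#         the ban rule in place.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = /usr/local/sbin/iptables-wrapper -D fail2ban-<name> -s <ip>/<mask> -j fail2ban-<name>-log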
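[Init]

# Option: mask
# Notes.: prefix length appended to <ip> in actionban/actionunban.
#         32 matches a single IPv4 host. Widening it bans a whole prefix per
#         offending address. No IPv6 mask is provided.
# Values: NUM Default: 32
#
mask = 32

# Option: name
# Notes.: suffix of the fail2ban-<name> and fail2ban-<name>-log chains. It
#         is also expanded inside the "$(expr ...)" LOG prefix in actionstart,
#         so keep it to plain chain-name characters (letters, digits, "-",
#         "_"); chain names are also length-limited by iptables.
# Values: STRING Default: default
#
name = default

# Option: port
# Notes.: port(s) to monitor. Passed to "-m multiport --dports", which takes
#         a comma-separated list of numbers or service names.
# Values: [ NUM | STRING ] Default: ssh
#
port = ssh

# Option: protocol
# Notes.: internally used by config reader for interpolations.
#         NOTE(review): "-m multiport" only makes sense for port-carrying
#         protocols; "icmp" or "all" would presumably make the "-I" in
#         actionstart fail -- confirm before using those values.
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp

# Option: chain
# Notes.: the iptables chain into which the jump to fail2ban-<name> is
#         inserted (at position 1) by actionstart and removed by actionstop.
# Values: STRING Default: INPUT
#
chain = INPUT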