Last active
August 29, 2015 14:22
-
-
Save int2001/0aeb68538eb995ba6acc to your computer and use it in GitHub Desktop.
iptables-46-multiport-log.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Fail2Ban configuration file | |
# | |
# Author: Guido Bozzetto | |
# Modified: Cyril Jaquier | |
# | |
# make "fail2ban-<name>" chain to match drop IP | |
# make "fail2ban-<name>-log" chain to log and drop | |
# insert a jump to fail2ban-<name> from -I <chain> if proto/port match | |
# | |
# | |
[INCLUDES] | |
before = iptables-blocktype.conf | |
[Definition] | |
# Option: actionstart | |
# Notes.: command executed once at the start of Fail2Ban. | |
# Values: CMD | |
# | |
actionstart = /usr/local/sbin/iptables-wrapper -N fail2ban-<name> | |
/usr/local/sbin/iptables-wrapper -A fail2ban-<name> -j RETURN | |
/usr/local/sbin/iptables-wrapper -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name> | |
/usr/local/sbin/iptables-wrapper -N fail2ban-<name>-log | |
/usr/local/sbin/iptables-wrapper -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2 | |
/usr/local/sbin/iptables-wrapper -A fail2ban-<name>-log -j <blocktype> | |
# Option: actionstop | |
# Notes.: command executed once at the end of Fail2Ban | |
# Values: CMD | |
# | |
actionstop = /usr/local/sbin/iptables-wrapper -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> | |
/usr/local/sbin/iptables-wrapper -F fail2ban-<name> | |
/usr/local/sbin/iptables-wrapper -F fail2ban-<name>-log | |
/usr/local/sbin/iptables-wrapper -X fail2ban-<name> | |
/usr/local/sbin/iptables-wrapper -X fail2ban-<name>-log | |
# Option: actioncheck | |
# Notes.: command executed once before each actionban command | |
# Values: CMD | |
# | |
actioncheck = /usr/local/sbin/iptables-wrapper -n -L fail2ban-<name>-log >/dev/null | |
# Option: actionban | |
# Notes.: command executed when banning an IP. Take care that the | |
# command is executed with Fail2Ban user rights. | |
# Tags: See jail.conf(5) man page | |
# Values: CMD | |
# | |
actionban = /usr/local/sbin/iptables-wrapper -I fail2ban-<name> 1 -s <ip>/<mask> -j fail2ban-<name>-log | |
# Option: actionunban | |
# Notes.: command executed when unbanning an IP. Take care that the | |
# command is executed with Fail2Ban user rights. | |
# Tags: See jail.conf(5) man page | |
# Values: CMD | |
# | |
actionunban = /usr/local/sbin/iptables-wrapper -D fail2ban-<name> -s <ip>/<mask> -j fail2ban-<name>-log | |
[Init] | |
# default Mask | |
mask = 32 | |
# Default name of the chain | |
# | |
name = default | |
# Option: port | |
# Notes.: specifies port to monitor | |
# Values: [ NUM | STRING ] Default: | |
# | |
port = ssh | |
# Option: protocol | |
# Notes.: internally used by config reader for interpolations. | |
# Values: [ tcp | udp | icmp | all ] Default: tcp | |
# | |
protocol = tcp | |
# Option: chain | |
# Notes specifies the iptables chain to which the fail2ban rules should be | |
# added | |
# Values: STRING Default: INPUT | |
chain = INPUT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment