int2001/gist:0aeb68538eb995ba6acc

## gistfile1.txt
# Fail2Ban configuration file
#
# Author: Guido Bozzetto
# Modified: Cyril Jaquier
#
# make "fail2ban-<name>" chain to match drop IP
# make "fail2ban-<name>-log" chain to log and drop
# insert a jump to fail2ban-<name> from -I <chain> if proto/port match
#
#

[INCLUDES]

before = iptables-blocktype.conf

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = /usr/local/sbin/iptables-wrapper -N fail2ban-<name>
              /usr/local/sbin/iptables-wrapper -A fail2ban-<name> -j RETURN
              /usr/local/sbin/iptables-wrapper -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              /usr/local/sbin/iptables-wrapper -N fail2ban-<name>-log
              /usr/local/sbin/iptables-wrapper -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
              /usr/local/sbin/iptables-wrapper -A fail2ban-<name>-log -j <blocktype>

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop = /usr/local/sbin/iptables-wrapper -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
             /usr/local/sbin/iptables-wrapper -F fail2ban-<name>
             /usr/local/sbin/iptables-wrapper -F fail2ban-<name>-log
             /usr/local/sbin/iptables-wrapper -X fail2ban-<name>
             /usr/local/sbin/iptables-wrapper -X fail2ban-<name>-log

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck = /usr/local/sbin/iptables-wrapper -n -L fail2ban-<name>-log >/dev/null

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = /usr/local/sbin/iptables-wrapper -I fail2ban-<name> 1 -s <ip>/<mask> -j fail2ban-<name>-log

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = /usr/local/sbin/iptables-wrapper -D fail2ban-<name> -s <ip>/<mask> -j fail2ban-<name>-log

[Init]

# default Mask
mask = 32

# Default name of the chain
#
name = default

# Option:  port
# Notes.:  specifies port to monitor
# Values:  [ NUM | STRING ]  Default:
#
port = ssh

# Option:  protocol
# Notes.:  internally used by config reader for interpolations.
# Values:  [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp

# Option:  chain
# Notes    specifies the iptables chain to which the fail2ban rules should be
#          added
# Values:  STRING  Default: INPUT
chain = INPUT
	# Fail2Ban configuration file
	#
	# Author: Guido Bozzetto
	# Modified: Cyril Jaquier
	#
	# make "fail2ban-<name>" chain to match drop IP
	# make "fail2ban-<name>-log" chain to log and drop
	# insert a jump to fail2ban-<name> from -I <chain> if proto/port match
	#
	#

	[INCLUDES]

	before = iptables-blocktype.conf

	[Definition]

	# Option: actionstart
	# Notes.: command executed once at the start of Fail2Ban.
	# Values: CMD
	#
	actionstart = /usr/local/sbin/iptables-wrapper -N fail2ban-<name>
	/usr/local/sbin/iptables-wrapper -A fail2ban-<name> -j RETURN
	/usr/local/sbin/iptables-wrapper -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
	/usr/local/sbin/iptables-wrapper -N fail2ban-<name>-log
	/usr/local/sbin/iptables-wrapper -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
	/usr/local/sbin/iptables-wrapper -A fail2ban-<name>-log -j <blocktype>

	# Option: actionstop
	# Notes.: command executed once at the end of Fail2Ban
	# Values: CMD
	#
	actionstop = /usr/local/sbin/iptables-wrapper -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
	/usr/local/sbin/iptables-wrapper -F fail2ban-<name>
	/usr/local/sbin/iptables-wrapper -F fail2ban-<name>-log
	/usr/local/sbin/iptables-wrapper -X fail2ban-<name>
	/usr/local/sbin/iptables-wrapper -X fail2ban-<name>-log

	# Option: actioncheck
	# Notes.: command executed once before each actionban command
	# Values: CMD
	#
	actioncheck = /usr/local/sbin/iptables-wrapper -n -L fail2ban-<name>-log >/dev/null

	# Option: actionban
	# Notes.: command executed when banning an IP. Take care that the
	# command is executed with Fail2Ban user rights.
	# Tags: See jail.conf(5) man page
	# Values: CMD
	#
	actionban = /usr/local/sbin/iptables-wrapper -I fail2ban-<name> 1 -s <ip>/<mask> -j fail2ban-<name>-log

	# Option: actionunban
	# Notes.: command executed when unbanning an IP. Take care that the
	# command is executed with Fail2Ban user rights.
	# Tags: See jail.conf(5) man page
	# Values: CMD
	#
	actionunban = /usr/local/sbin/iptables-wrapper -D fail2ban-<name> -s <ip>/<mask> -j fail2ban-<name>-log

	[Init]

	# default Mask
	mask = 32

	# Default name of the chain
	#
	name = default

	# Option: port
	# Notes.: specifies port to monitor
	# Values: [ NUM \| STRING ] Default:
	#
	port = ssh

	# Option: protocol
	# Notes.: internally used by config reader for interpolations.
	# Values: [ tcp \| udp \| icmp \| all ] Default: tcp
	#
	protocol = tcp

	# Option: chain
	# Notes specifies the iptables chain to which the fail2ban rules should be
	# added
	# Values: STRING Default: INPUT
	chain = INPUT