Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
iptables-46-multiport-log.conf
# Fail2Ban configuration file
#
# Author: Guido Bozzetto
# Modified: Cyril Jaquier
#
# make "fail2ban-<name>" chain to match drop IP
# make "fail2ban-<name>-log" chain to log and drop
# insert a jump to fail2ban-<name> from -I <chain> if proto/port match
#
#
[INCLUDES]
before = iptables-blocktype.conf
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = /usr/local/sbin/iptables-wrapper -N fail2ban-<name>
/usr/local/sbin/iptables-wrapper -A fail2ban-<name> -j RETURN
/usr/local/sbin/iptables-wrapper -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
/usr/local/sbin/iptables-wrapper -N fail2ban-<name>-log
/usr/local/sbin/iptables-wrapper -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
/usr/local/sbin/iptables-wrapper -A fail2ban-<name>-log -j <blocktype>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = /usr/local/sbin/iptables-wrapper -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
/usr/local/sbin/iptables-wrapper -F fail2ban-<name>
/usr/local/sbin/iptables-wrapper -F fail2ban-<name>-log
/usr/local/sbin/iptables-wrapper -X fail2ban-<name>
/usr/local/sbin/iptables-wrapper -X fail2ban-<name>-log
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = /usr/local/sbin/iptables-wrapper -n -L fail2ban-<name>-log >/dev/null
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = /usr/local/sbin/iptables-wrapper -I fail2ban-<name> 1 -s <ip>/<mask> -j fail2ban-<name>-log
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = /usr/local/sbin/iptables-wrapper -D fail2ban-<name> -s <ip>/<mask> -j fail2ban-<name>-log
[Init]
# default Mask
mask = 32
# Default name of the chain
#
name = default
# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default:
#
port = ssh
# Option: protocol
# Notes.: internally used by config reader for interpolations.
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp
# Option: chain
# Notes specifies the iptables chain to which the fail2ban rules should be
# added
# Values: STRING Default: INPUT
chain = INPUT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment