/gist:0aeb68538eb995ba6acc
Last active Aug 29, 2015
iptables-46-multiport-log.conf
| # Fail2Ban configuration file | |
| # | |
| # Author: Guido Bozzetto | |
| # Modified: Cyril Jaquier | |
| # | |
| # make "fail2ban-<name>" chain to match drop IP | |
| # make "fail2ban-<name>-log" chain to log and drop | |
| # insert a jump to fail2ban-<name> from -I <chain> if proto/port match | |
| # | |
| # | |
| [INCLUDES] | |
| before = iptables-blocktype.conf | |
| [Definition] | |
| # Option: actionstart | |
| # Notes.: command executed once at the start of Fail2Ban. | |
| # Values: CMD | |
| # | |
| actionstart = /usr/local/sbin/iptables-wrapper -N fail2ban-<name> | |
| /usr/local/sbin/iptables-wrapper -A fail2ban-<name> -j RETURN | |
| /usr/local/sbin/iptables-wrapper -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name> | |
| /usr/local/sbin/iptables-wrapper -N fail2ban-<name>-log | |
| /usr/local/sbin/iptables-wrapper -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2 | |
| /usr/local/sbin/iptables-wrapper -A fail2ban-<name>-log -j <blocktype> | |
| # Option: actionstop | |
| # Notes.: command executed once at the end of Fail2Ban | |
| # Values: CMD | |
| # | |
| actionstop = /usr/local/sbin/iptables-wrapper -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> | |
| /usr/local/sbin/iptables-wrapper -F fail2ban-<name> | |
| /usr/local/sbin/iptables-wrapper -F fail2ban-<name>-log | |
| /usr/local/sbin/iptables-wrapper -X fail2ban-<name> | |
| /usr/local/sbin/iptables-wrapper -X fail2ban-<name>-log | |
| # Option: actioncheck | |
| # Notes.: command executed once before each actionban command | |
| # Values: CMD | |
| # | |
| actioncheck = /usr/local/sbin/iptables-wrapper -n -L fail2ban-<name>-log >/dev/null | |
| # Option: actionban | |
| # Notes.: command executed when banning an IP. Take care that the | |
| # command is executed with Fail2Ban user rights. | |
| # Tags: See jail.conf(5) man page | |
| # Values: CMD | |
| # | |
| actionban = /usr/local/sbin/iptables-wrapper -I fail2ban-<name> 1 -s <ip>/<mask> -j fail2ban-<name>-log | |
| # Option: actionunban | |
| # Notes.: command executed when unbanning an IP. Take care that the | |
| # command is executed with Fail2Ban user rights. | |
| # Tags: See jail.conf(5) man page | |
| # Values: CMD | |
| # | |
| actionunban = /usr/local/sbin/iptables-wrapper -D fail2ban-<name> -s <ip>/<mask> -j fail2ban-<name>-log | |
| [Init] | |
| # default Mask | |
| mask = 32 | |
| # Default name of the chain | |
| # | |
| name = default | |
| # Option: port | |
| # Notes.: specifies port to monitor | |
| # Values: [ NUM | STRING ] Default: | |
| # | |
| port = ssh | |
| # Option: protocol | |
| # Notes.: internally used by config reader for interpolations. | |
| # Values: [ tcp | udp | icmp | all ] Default: tcp | |
| # | |
| protocol = tcp | |
| # Option: chain | |
| # Notes specifies the iptables chain to which the fail2ban rules should be | |
| # added | |
| # Values: STRING Default: INPUT | |
| chain = INPUT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment