action.d/ssh-iptables.conf: # # Usage:# # banaction = ssh-iptables[remote-host=user@192.0.2.1, type=multiport]# # banaction_allports = ssh-iptables[remote-host=user@192.0.2.1, type=allports][INCLUDES]
before = iptables.conf
[Init]
ssh = ssh <remote-host>
remote-host = user@host
iptables = <ssh> iptables <lockingopt>
[Init?family=inet6]
iptables = <ssh> ip6tables <lockingopt>action.d/ssh-iptables-ipset.conf: # # Usage:# # banaction = ssh-iptables-ipset[remote-host=user@192.0.2.1, type=multiport]# # banaction_allports = ssh-iptables-ipset[remote-host=user@192.0.2.1, type=allports][INCLUDES]
before = iptables-ipset.conf
[Definition]
_ips_mockup = ipset() { <ssh> ipset $@; };_cmd_mockup = %(_ips_mockup)s iptables() { <ssh> iptables $@; }; ip6tables() { <ssh> ip6tables $@; };actionstart = %(_cmd_mockup)s %(known/actionstart)s
actionflush = %(_ips_mockup)s %(known/actionflush)s
actionstop = %(_cmd_mockup)s %(known/actionstop)s
actioncheck = %(_cmd_mockup)s %(known/actioncheck)s
actionban = %(_ips_mockup)s %(known/actionban)s
actionunban = %(_ips_mockup)s %(known/actionunban)s
[Init]
ssh = ssh <remote-host>
remote-host = user@host