Created February 7, 2018 23:12
Permanently ban previously banned IPs using Fail2ban with firewallcmd multiport
```ini
# Fail2Ban configuration file
#
# Author: Donald Yandt
# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
#
# Every ban is appended to /etc/fail2ban/persistent.bans as "<family>-<name> <ip>"
# and replayed into the f2b-<name> chain on each actionstart, so bans survive a
# fail2ban restart. actionunban removes the firewall rule only, not the file
# entry, which is what makes the ban permanent.

[INCLUDES]

before = firewallcmd-common.conf

[Definition]

# The replay compares the "<family>-<name>" tag as a whole field, so a jail's
# entries are not picked up by another jail whose name merely starts the same
# way (e.g. sshd and sshd-ddos). A bans file that does not exist yet (first
# start) is silently treated as empty instead of failing actionstart.
actionstart = firewall-cmd --direct --add-chain <family> filter f2b-<name>
              firewall-cmd --direct --add-rule <family> filter f2b-<name> 1000 -j RETURN
              firewall-cmd --direct --add-rule <family> filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
              awk '$1 == "<family>-<name>" {print $2}' /etc/fail2ban/persistent.bans 2>/dev/null | while read IP; do firewall-cmd --direct --add-rule <family> filter f2b-<name> 0 -s $IP -j <blocktype>; done

actionstop = firewall-cmd --direct --remove-rule <family> filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
             firewall-cmd --direct --remove-rules <family> filter f2b-<name>
             firewall-cmd --direct --remove-chain <family> filter f2b-<name>

# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
actioncheck = firewall-cmd --direct --get-chains <family> filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'

actionban = firewall-cmd --direct --add-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>
            echo "<family>-<name> <ip>" >> /etc/fail2ban/persistent.bans

actionunban = firewall-cmd --direct --remove-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>
```
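The replay step of actionstart, written out as a stand-alone POSIX shell function so it can be tested outside fail2ban. This is an added example, not code from the gist: the names f2b_restore_bans, f2b_demo and the FIREWALL_CMD dry-run variable are assumed here, and the bans file contents are constructed.

```shell
#!/bin/sh
# Replay persisted Fail2Ban bans into a firewalld direct chain, as the gist's
# actionstart does, with two hardening details: the "<family>-<name>" tag is
# compared as a whole field (so jail "sshd" never imports "sshd-ddos" entries)
# and IPs appended more than once are de-duplicated before rules are added.
#
# f2b_restore_bans BANS_FILE FAMILY NAME BLOCKTYPE
# FIREWALL_CMD (assumed helper variable) defaults to firewall-cmd; set it to
# "echo" to print the rules instead of applying them.
f2b_restore_bans() {
    bans_file=$1 family=$2 name=$3 blocktype=$4
    cmd=${FIREWALL_CMD:-firewall-cmd}
    # No bans file yet (first start) means nothing to restore, not an error.
    [ -f "$bans_file" ] || return 0
    awk -v tag="$family-$name" 'NF == 2 && $1 == tag { print $2 }' "$bans_file" |
        sort -u |
        while IFS= read -r ip; do
            # $blocktype stays unquoted: firewallcmd-common.conf defines it as
            # several words (e.g. "REJECT --reject-with icmp-port-unreachable").
            $cmd --direct --add-rule "$family" filter "f2b-$name" 0 -s "$ip" -j $blocktype
        done
}

# Dry run on a constructed bans file (not data from the gist): a duplicated
# ipv4-sshd entry, one ipv4-sshd-ddos entry and one ipv6-sshd entry. Only the
# two distinct ipv4-sshd addresses must produce rules.
f2b_demo() {
    tmp=$(mktemp)
    cat >"$tmp" <<'EOF'
ipv4-sshd 203.0.113.10
ipv4-sshd-ddos 203.0.113.20
ipv6-sshd 2001:db8::1
ipv4-sshd 203.0.113.10
ipv4-sshd 203.0.113.30
EOF
    FIREWALL_CMD=echo f2b_restore_bans "$tmp" ipv4 sshd "REJECT --reject-with icmp-port-unreachable"
    rm -f "$tmp"
}
```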