diff options
| author | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-04-14 22:32:43 +0200 |
|---|---|---|
| committer | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-04-14 22:32:43 +0200 |
| commit | 83f7fe4b8402bab171d110703a1b1115efbc9b28 (patch) | |
| tree | 19110702c7d740f6bd8ee4f5d2ebcb97442be237 /straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf | |
| parent | 51d43498b07dc97d795947964534f0903cd05db5 (diff) | |
| download | bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.tar.gz bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.zip | |
cleaned up many scrits and deleted some that were of no use; renamed a lot
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf')
| -rw-r--r-- | straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf deleted file mode 100644 index c3c175b..0000000 --- a/straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf +++ /dev/null @@ -1,87 +0,0 @@ -# Fail2Ban configuration file -# -# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> -# -# Modified: Alexander Koeppe <format_c@online.de>, Serg G. Brester <serg.brester@sebres.de> -# made config file IPv6 capable - -[INCLUDES] - -before = iptables.conf - -[Definition] - -_ipt_chain_rule = -m recent --update --seconds 3600 --name <iptname> -j <blocktype> -_ipt_for_proto-iter = -_ipt_for_proto-done = - -# Option: actionstart -# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). -# Values: CMD -# -# Changing iptables rules requires root privileges. If fail2ban is -# configured to run as root, firewall setup can be performed by -# fail2ban automatically. However, if fail2ban is configured to run as -# a normal user, the configuration must be done by some other means -# (e.g. using static firewall configuration with the -# iptables-persistent package). -# -# Explanation of the rule below: -# Check if any packets coming from an IP on the <iptname> -# list have been seen in the last 3600 seconds. If yes, update the -# timestamp for this IP and drop the packet. If not, let the packet -# through. -# -# Fail2ban inserts blacklisted hosts into the <iptname> list -# and removes them from the list after some time, according to its -# own rules. The 3600 second timeout is independent and acts as a -# safeguard in case the fail2ban process dies unexpectedly. The -# shorter of the two timeouts actually matters. -actionstart = if [ `id -u` -eq 0 ];then - { %(_ipt_check_rule)s >/dev/null 2>&1; } || { <iptables> -I <chain> %(_ipt_chain_rule)s; } - fi - -# Option: actionflush -# -# [TODO] Flushing is currently not implemented for xt_recent -# -actionflush = - -# Option: actionstop -# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -# Values: CMD -# -actionstop = echo / > /proc/net/xt_recent/<iptname> - if [ `id -u` -eq 0 ];then - <iptables> -D <chain> %(_ipt_chain_rule)s; - fi - -# Option: actioncheck -# Notes.: command executed as invariant check (error by ban) -# Values: CMD -# -actioncheck = { <iptables> -C <chain> %(_ipt_chain_rule)s; } && test -e /proc/net/xt_recent/<iptname> - -# Option: actionban -# Notes.: command executed when banning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: See jail.conf(5) man page -# Values: CMD -# -actionban = echo +<ip> > /proc/net/xt_recent/<iptname> - -# Option: actionunban -# Notes.: command executed when unbanning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: See jail.conf(5) man page -# Values: CMD -# -actionunban = echo -<ip> > /proc/net/xt_recent/<iptname> - -[Init] - -iptname = f2b-<name> - -[Init?family=inet6] - -iptname = f2b-<name>6 |
