diff options
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf')
| -rw-r--r-- | straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf | 128 |
1 files changed, 0 insertions, 128 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf deleted file mode 100644 index 7181ed9..0000000 --- a/straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf +++ /dev/null @@ -1,128 +0,0 @@ -# Fail2Ban configuration file -# -# OpenBSD pf ban/unban -# -# Author: Nick Hilliard <nick@foobar.org> -# Modified by: Alexander Koeppe making PF work seamless and with IPv4 and IPv6 -# Modified by: Balazs Mateffy adding allproto option so all traffic gets blocked from the malicious source -# -# - -[Definition] - -# Option: actionstart -# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). -# Values: CMD -# -# we don't enable PF automatically; to enable run pfctl -e -# or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD) -# also, these rulesets are loaded into (nested) anchors -# to enable them, add as wildcard: -# anchor "f2b/*" -# or using jail names: -# anchor f2b { -# anchor name1 -# anchor name2 -# ... -# } -# to your main pf ruleset, where "namei" are the names of the jails -# which invoke this action -# to block all protocols use the pf[protocol=all] option -actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f- - port="<port>"; if [ "$port" != "" ] && case "$port" in \{*) false;; esac; then port="{$port}"; fi - protocol="<protocol>"; if [ "$protocol" != "all" ]; then protocol="proto $protocol"; else protocol=all; fi - echo "<block> $protocol from <<tablename>-<name>> to <actiontype>" | <pfctl> -f- - -# Option: start_on_demand - to start action on demand -# Example: `action=pf[actionstart_on_demand=true]` -actionstart_on_demand = false - -# Option: actionstop -# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -# Values: CMD -# -# we only disable PF rules we've installed prior -actionstop = <pfctl> -sr 2>/dev/null | grep -v <tablename>-<name> | <pfctl> -f- - %(actionflush)s - <pfctl> -t <tablename>-<name> -T kill - - -# Option: actionflush -# Notes.: command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action) -# Values: CMD -# -actionflush = <pfctl> -t <tablename>-<name> -T flush - - -# Option: actioncheck -# Notes.: command executed once before each actionban command -# Values: CMD -# -actioncheck = <pfctl> -sr | grep -q <tablename>-<name> - - -# Option: actionban -# Notes.: command executed when banning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: <ip> IP address -# <failures> number of failures -# <time> unix timestamp of the ban time -# Values: CMD -# -actionban = <pfctl> -t <tablename>-<name> -T add <ip> - - -# Option: actionunban -# Notes.: command executed when unbanning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: <ip> IP address -# <failures> number of failures -# <time> unix timestamp of the ban time -# Values: CMD -# -# note -r option used to remove matching rule -actionunban = <pfctl> -t <tablename>-<name> -T delete <ip> - -# Option: pfctl -# -# Use anchor as jailname to manipulate affected rulesets only. -# If more parameter expected it can be extended with `pf[pfctl="<known/pfctl> ..."]` -# -pfctl = pfctl -a f2b/<name> - -[Init] -# Option: tablename -# Notes.: The pf table name. -# Values: [ STRING ] -# -tablename = f2b - -# Option: block -# -# The action you want pf to take. -# Probably, you want "block quick", but adjust as needed. -# If you want to log all blocked use "blog log quick" -block = block quick - -# Option: protocol -# Notes.: internally used by config reader for interpolations. -# Values: [ tcp | udp | icmp | ipv6-icmp ] Default: tcp -# -protocol = tcp - -# Option: actiontype -# Notes.: defines additions to the blocking rule -# Values: leave empty to block all attempts from the host -# Default: Value of the multiport -actiontype = <multiport> - -# Option: allports -# Notes.: default addition to block all ports -# Usage.: use in jail config: "banaction = pf[actiontype=<allports>]" -allports = any - -# Option: multiport -# Notes.: addition to block access only to specific ports -# Usage.: use in jail config: "banaction = pf[actiontype=<multiport>]" -multiport = any port $port - |
