aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf
diff options
context:
space:
mode:
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf')
-rw-r--r--straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf128
1 files changed, 0 insertions, 128 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf
deleted file mode 100644
index 7181ed9..0000000
--- a/straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf
+++ /dev/null
@@ -1,128 +0,0 @@
-# Fail2Ban configuration file
-#
-# OpenBSD pf ban/unban
-#
-# Author: Nick Hilliard <nick@foobar.org>
-# Modified by: Alexander Koeppe making PF work seamless and with IPv4 and IPv6
-# Modified by: Balazs Mateffy adding allproto option so all traffic gets blocked from the malicious source
-#
-#
-
-[Definition]
-
-# Option: actionstart
-# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
-# Values: CMD
-#
-# we don't enable PF automatically; to enable run pfctl -e
-# or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD)
-# also, these rulesets are loaded into (nested) anchors
-# to enable them, add as wildcard:
-# anchor "f2b/*"
-# or using jail names:
-# anchor f2b {
-# anchor name1
-# anchor name2
-# ...
-# }
-# to your main pf ruleset, where "namei" are the names of the jails
-# which invoke this action
-# to block all protocols use the pf[protocol=all] option
-actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f-
- port="<port>"; if [ "$port" != "" ] && case "$port" in \{*) false;; esac; then port="{$port}"; fi
- protocol="<protocol>"; if [ "$protocol" != "all" ]; then protocol="proto $protocol"; else protocol=all; fi
- echo "<block> $protocol from <<tablename>-<name>> to <actiontype>" | <pfctl> -f-
-
-# Option: start_on_demand - to start action on demand
-# Example: `action=pf[actionstart_on_demand=true]`
-actionstart_on_demand = false
-
-# Option: actionstop
-# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-# Values: CMD
-#
-# we only disable PF rules we've installed prior
-actionstop = <pfctl> -sr 2>/dev/null | grep -v <tablename>-<name> | <pfctl> -f-
- %(actionflush)s
- <pfctl> -t <tablename>-<name> -T kill
-
-
-# Option: actionflush
-# Notes.: command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
-# Values: CMD
-#
-actionflush = <pfctl> -t <tablename>-<name> -T flush
-
-
-# Option: actioncheck
-# Notes.: command executed once before each actionban command
-# Values: CMD
-#
-actioncheck = <pfctl> -sr | grep -q <tablename>-<name>
-
-
-# Option: actionban
-# Notes.: command executed when banning an IP. Take care that the
-# command is executed with Fail2Ban user rights.
-# Tags: <ip> IP address
-# <failures> number of failures
-# <time> unix timestamp of the ban time
-# Values: CMD
-#
-actionban = <pfctl> -t <tablename>-<name> -T add <ip>
-
-
-# Option: actionunban
-# Notes.: command executed when unbanning an IP. Take care that the
-# command is executed with Fail2Ban user rights.
-# Tags: <ip> IP address
-# <failures> number of failures
-# <time> unix timestamp of the ban time
-# Values: CMD
-#
-# note -r option used to remove matching rule
-actionunban = <pfctl> -t <tablename>-<name> -T delete <ip>
-
-# Option: pfctl
-#
-# Use anchor as jailname to manipulate affected rulesets only.
-# If more parameter expected it can be extended with `pf[pfctl="<known/pfctl> ..."]`
-#
-pfctl = pfctl -a f2b/<name>
-
-[Init]
-# Option: tablename
-# Notes.: The pf table name.
-# Values: [ STRING ]
-#
-tablename = f2b
-
-# Option: block
-#
-# The action you want pf to take.
-# Probably, you want "block quick", but adjust as needed.
-# If you want to log all blocked use "blog log quick"
-block = block quick
-
-# Option: protocol
-# Notes.: internally used by config reader for interpolations.
-# Values: [ tcp | udp | icmp | ipv6-icmp ] Default: tcp
-#
-protocol = tcp
-
-# Option: actiontype
-# Notes.: defines additions to the blocking rule
-# Values: leave empty to block all attempts from the host
-# Default: Value of the multiport
-actiontype = <multiport>
-
-# Option: allports
-# Notes.: default addition to block all ports
-# Usage.: use in jail config: "banaction = pf[actiontype=<allports>]"
-allports = any
-
-# Option: multiport
-# Notes.: addition to block access only to specific ports
-# Usage.: use in jail config: "banaction = pf[actiontype=<multiport>]"
-multiport = any port $port
-