aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/fail2ban/etc-fail2ban/action.d/route.conf
diff options
context:
space:
mode:
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/route.conf')
-rw-r--r--straper/db/public/fail2ban/etc-fail2ban/action.d/route.conf29
1 files changed, 29 insertions, 0 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/route.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/route.conf
new file mode 100644
index 0000000..9b96a7b
--- /dev/null
+++ b/straper/db/public/fail2ban/etc-fail2ban/action.d/route.conf
@@ -0,0 +1,29 @@
+# Fail2Ban configuration file
+#
+# Author: Michael Gebetsroither
+#
+# This is for blocking whole hosts through blackhole routes.
+#
+# PRO:
+# - Works on all kernel versions and as no compatibility problems (back to debian lenny and WAY further).
+# - It's FAST for very large numbers of blocked ips.
+# - It's FAST because it Blocks traffic before it enters common iptables chains used for filtering.
+# - It's per host, ideal as action against ssh password bruteforcing to block further attack attempts.
+# - No additional software required beside iproute/iproute2
+#
+# CON:
+# - Blocking is per IP and NOT per service, but ideal as action against ssh password bruteforcing hosts
+
+[Definition]
+actionban = ip route add <blocktype> <ip>
+actionunban = ip route del <blocktype> <ip>
+actioncheck =
+actionstart =
+actionstop =
+
+[Init]
+
+# Option: blocktype
+# Note: Type can be blackhole, unreachable and prohibit. Unreachable and prohibit correspond to the ICMP reject messages.
+# Values: STRING
+blocktype = unreachable