aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/fail2ban/etc-fail2ban/action.d/shorewall.conf
diff options
context:
space:
mode:
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/shorewall.conf')
-rw-r--r--straper/db/public/fail2ban/etc-fail2ban/action.d/shorewall.conf73
1 files changed, 73 insertions, 0 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/shorewall.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/shorewall.conf
new file mode 100644
index 0000000..83d08d9
--- /dev/null
+++ b/straper/db/public/fail2ban/etc-fail2ban/action.d/shorewall.conf
@@ -0,0 +1,73 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+# The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see
+# file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a
+# new shorewall rule to ban an IP address, that rule will affect only new
+# connections. So if the attempter goes on trying using the same connection
+# he could even log in. In order to get the same behavior of the iptable
+# action (so that the ban is immediate) the /etc/shorewall/shorewall.conf
+# file should be modified with "BLACKLISTNEWONLY=No". Note that as of
+# Shorewall 4.5.13 BLACKLISTNEWONLY is deprecated; however the equivalent
+# of BLACKLISTNEWONLY=No can now be achieved by setting BLACKLIST="ALL".
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values: CMD
+#
+actionstart =
+
+# Option: actionstop
+# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
+# Values: CMD
+#
+actionstop =
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = shorewall<family> <blocktype> <ip>
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban = shorewall<family> allow <ip>
+
+
+[Init]
+
+# Option: family
+# Note: Control which version of command is executed
+# Values: Empty or 6 in case of IPv6
+family =
+
+# Option: blocktype
+# Note: This is what the action does with rules.
+# See man page of shorewall for options that include drop, logdrop, reject, or logreject
+# Values: STRING
+blocktype = reject
+
+[Init?family=inet6]
+
+# Option: family
+# Note: Control which version of command is executed
+# Values: Empty or 6 in case of IPv6
+family = 6
+