From 83f7fe4b8402bab171d110703a1b1115efbc9b28 Mon Sep 17 00:00:00 2001 From: Lukasz Kasprzak Date: Tue, 14 Apr 2026 22:32:43 +0200 Subject: cleaned up many scrits and deleted some that were of no use; renamed a lot --- .../action.d/iptables-xt_recent-echo.conf | 87 ---------------------- 1 file changed, 87 deletions(-) delete mode 100644 straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf') diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf deleted file mode 100644 index c3c175b..0000000 --- a/straper/db/public/fail2ban/etc-fail2ban/action.d/iptables-xt_recent-echo.conf +++ /dev/null @@ -1,87 +0,0 @@ -# Fail2Ban configuration file -# -# Author: Zbigniew Jędrzejewski-Szmek -# -# Modified: Alexander Koeppe , Serg G. Brester -# made config file IPv6 capable - -[INCLUDES] - -before = iptables.conf - -[Definition] - -_ipt_chain_rule = -m recent --update --seconds 3600 --name -j -_ipt_for_proto-iter = -_ipt_for_proto-done = - -# Option: actionstart -# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). -# Values: CMD -# -# Changing iptables rules requires root privileges. If fail2ban is -# configured to run as root, firewall setup can be performed by -# fail2ban automatically. However, if fail2ban is configured to run as -# a normal user, the configuration must be done by some other means -# (e.g. using static firewall configuration with the -# iptables-persistent package). -# -# Explanation of the rule below: -# Check if any packets coming from an IP on the -# list have been seen in the last 3600 seconds. If yes, update the -# timestamp for this IP and drop the packet. If not, let the packet -# through. -# -# Fail2ban inserts blacklisted hosts into the list -# and removes them from the list after some time, according to its -# own rules. The 3600 second timeout is independent and acts as a -# safeguard in case the fail2ban process dies unexpectedly. The -# shorter of the two timeouts actually matters. -actionstart = if [ `id -u` -eq 0 ];then - { %(_ipt_check_rule)s >/dev/null 2>&1; } || { -I %(_ipt_chain_rule)s; } - fi - -# Option: actionflush -# -# [TODO] Flushing is currently not implemented for xt_recent -# -actionflush = - -# Option: actionstop -# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -# Values: CMD -# -actionstop = echo / > /proc/net/xt_recent/ - if [ `id -u` -eq 0 ];then - -D %(_ipt_chain_rule)s; - fi - -# Option: actioncheck -# Notes.: command executed as invariant check (error by ban) -# Values: CMD -# -actioncheck = { -C %(_ipt_chain_rule)s; } && test -e /proc/net/xt_recent/ - -# Option: actionban -# Notes.: command executed when banning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: See jail.conf(5) man page -# Values: CMD -# -actionban = echo + > /proc/net/xt_recent/ - -# Option: actionunban -# Notes.: command executed when unbanning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: See jail.conf(5) man page -# Values: CMD -# -actionunban = echo - > /proc/net/xt_recent/ - -[Init] - -iptname = f2b- - -[Init?family=inet6] - -iptname = f2b-6 -- cgit v1.3