From 39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2 Mon Sep 17 00:00:00 2001 From: Lukasz Kasprzak Date: Fri, 20 Mar 2026 19:16:32 +0100 Subject: feat: first fully successful run e2e on straper --- .../public/fail2ban/etc-fail2ban/action.d/pf.conf | 128 +++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf') diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf new file mode 100644 index 0000000..7181ed9 --- /dev/null +++ b/straper/db/public/fail2ban/etc-fail2ban/action.d/pf.conf @@ -0,0 +1,128 @@ +# Fail2Ban configuration file +# +# OpenBSD pf ban/unban +# +# Author: Nick Hilliard +# Modified by: Alexander Koeppe making PF work seamless and with IPv4 and IPv6 +# Modified by: Balazs Mateffy adding allproto option so all traffic gets blocked from the malicious source +# +# + +[Definition] + +# Option: actionstart +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). +# Values: CMD +# +# we don't enable PF automatically; to enable run pfctl -e +# or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD) +# also, these rulesets are loaded into (nested) anchors +# to enable them, add as wildcard: +# anchor "f2b/*" +# or using jail names: +# anchor f2b { +# anchor name1 +# anchor name2 +# ... +# } +# to your main pf ruleset, where "namei" are the names of the jails +# which invoke this action +# to block all protocols use the pf[protocol=all] option +actionstart = echo "table <-> persist counters" | -f- + port=""; if [ "$port" != "" ] && case "$port" in \{*) false;; esac; then port="{$port}"; fi + protocol=""; if [ "$protocol" != "all" ]; then protocol="proto $protocol"; else protocol=all; fi + echo " $protocol from <-> to " | -f- + +# Option: start_on_demand - to start action on demand +# Example: `action=pf[actionstart_on_demand=true]` +actionstart_on_demand = false + +# Option: actionstop +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +# Values: CMD +# +# we only disable PF rules we've installed prior +actionstop = -sr 2>/dev/null | grep -v - | -f- + %(actionflush)s + -t - -T kill + + +# Option: actionflush +# Notes.: command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action) +# Values: CMD +# +actionflush = -t - -T flush + + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = -sr | grep -q - + + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address +# number of failures +#