Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Fail2Ban configuration file
- #
- # Author: Cyril Jaquier
- # Modified: Yaroslav O. Halchenko <debian@onerussian.com>
- # made active on all ports from original iptables.conf
- # Modified: David Carlos Manuelda <stormbyte@gmail.com>
- added an explicit ban on INPUT to efectivelly block everything.
- # $Revision$
- #
- [Definition]
- # Option: actionstart
- # Notes.: command executed once at the start of Fail2Ban.
- # Values: CMD
- #
- actionstart = iptables -N fail2ban-<name>
- iptables -A fail2ban-<name> -j RETURN
- iptables -I <chain> -p <protocol> -j fail2ban-<name>
- # Option: actionstop
- # Notes.: command executed once at the end of Fail2Ban
- # Values: CMD
- #
- actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name>
- iptables -F fail2ban-<name>
- iptables -X fail2ban-<name>
- # Option: actioncheck
- # Notes.: command executed once before each actionban command
- # Values: CMD
- #
- actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
- # Option: actionban
- # Notes.: command executed when banning an IP. Take care that the
- # command is executed with Fail2Ban user rights.
- # Tags: <ip> IP address
- # <failures> number of failures
- # <time> unix timestamp of the ban time
- # Values: CMD
- #
- actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
- iptables -I INPUT -s <ip> -j DROP
- # Option: actionunban
- # Notes.: command executed when unbanning an IP. Take care that the
- # command is executed with Fail2Ban user rights.
- # Tags: <ip> IP address
- # <failures> number of failures
- # <time> unix timestamp of the ban time
- # Values: CMD
- #
- actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
- [Init]
- # Defaut name of the chain
- #
- name = default
- # Option: protocol
- # Notes.: internally used by config reader for interpolations.
- # Values: [ tcp | udp | icmp | all ] Default: tcp
- #
- protocol = tcp
- # Option: chain
- # Notes specifies the iptables chain to which the fail2ban rules should be
- # added
- # Values: STRING Default: INPUT
- chain = INPUT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement