Created
April 8, 2018 06:20
-
-
Save rhysforyou/a45fcfcaf27f8e55c5a51a8ef34f75dd to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban configuration file | |
| # | |
| # Author: Cyril Jaquier | |
| # Modified by Yaroslav Halchenko for multiport banning and Lukas Camenzind for persistent banning | |
| # | |
| # | |
| [Definition] | |
| # Option: actionstart | |
| # Notes.: command executed once at the start of Fail2Ban. | |
| # Values: CMD | |
| # | |
| actionstart = iptables -N fail2ban-<name> | |
| iptables -A fail2ban-<name> -j RETURN | |
| iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name> | |
| # Load local list of offenders | |
| if [ -f /etc/fail2ban/ip.blacklist ]; then cat /etc/fail2ban/ip.blacklist | grep -e <name>$ | cut -d "," -s -f 1 | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done; fi | |
| # Option: actionstop | |
| # Notes.: command executed once at the end of Fail2Ban | |
| # Values: CMD | |
| # | |
| actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name> | |
| iptables -F fail2ban-<name> | |
| iptables -X fail2ban-<name> | |
| # Option: actioncheck | |
| # Notes.: command executed once before each actionban command | |
| # Values: CMD | |
| # | |
| actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name> | |
| # Option: actionban | |
| # Notes.: command executed when banning an IP. Take care that the | |
| # command is executed with Fail2Ban user rights. | |
| # Tags: <ip> IP address | |
| # <failures> number of failures | |
| # <time> unix timestamp of the ban time | |
| # Values: CMD | |
| # | |
| actionban = if ! iptables -C fail2ban-<name> -s <ip> -j DROP; then iptables -I fail2ban-<name> 1 -s <ip> -j DROP; fi | |
| # Add offenders to local blacklist, if not already there | |
| if ! grep -Fxq '<ip>,<name>' /etc/fail2ban/ip.blacklist; then echo '<ip>,<name>' >> /etc/fail2ban/ip.blacklist; fi | |
| # Report offenders to badips.com | |
| wget -q -O /dev/null www.badips.com/add/<name>/<ip> | |
| # Option: actionunban | |
| # Notes.: command executed when unbanning an IP. Take care that the | |
| # command is executed with Fail2Ban user rights. | |
| # Tags: <ip> IP address | |
| # <failures> number of failures | |
| # <time> unix timestamp of the ban time | |
| # Values: CMD | |
| # | |
| actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP | |
| # Disabled clearing out entry from ip.blacklist (somehow happens after each stop of fail2ban) | |
| # sed --in-place '/<ip>,<name>/d' /etc/fail2ban/ip.blacklist | |
| [Init] | |
| # Defaut name of the chain | |
| # | |
| name = default | |
| # Option: port | |
| # Notes.: specifies port to monitor | |
| # Values: [ NUM | STRING ] Default: | |
| # | |
| port = ssh | |
| # Option: protocol | |
| # Notes.: internally used by config reader for interpolations. | |
| # Values: [ tcp | udp | icmp | all ] Default: tcp | |
| # |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment