Diffstat (limited to 'ip64tables-ipset-proto6-allports.conf')
-rw-r--r--ip64tables-ipset-proto6-allports.conf64
1 files changed, 64 insertions, 0 deletions
diff --git a/ip64tables-ipset-proto6-allports.conf b/ip64tables-ipset-proto6-allports.conf
new file mode 100644
index 000000000000..f077da876efe
--- /dev/null
+++ b/ip64tables-ipset-proto6-allports.conf
@@ -0,0 +1,64 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
+# Use ipset -V to see the protocol and version. Version 4 should use
+# iptables-ipset-proto4.conf.
+#
+# This requires the program ipset which is normally in package called ipset.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules which probably won't be protocol version 6.
+
+[INCLUDES]
+
+before = iptables-common.conf
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = ipset create f2b-<name> hash:ip family inet timeout <bantime>
+ ipset create f2b6-<name> hash:ip family inet6 timeout <bantime>
+ <iptables> -I <chain> -m set --match-set f2b-<name> src -j <blocktype>
+ ip6tables -I <chain> -m set --match-set f2b6-<name> src -j <blocktype>
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = <iptables> -D <chain> -m set --match-set f2b-<name> src -j <blocktype>
+ ip6tables -D <chain> -m set --match-set f2b6-<name> src -j <blocktype>
+ ipset flush f2b-<name>
+ ipset flush f2b6-<name>
+ ipset destroy f2b-<name>
+ ipset destroy f2b6-<name>
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban = ipset del f2b-<name> <ip> -exist
+
+[Init]
+
+# Option: bantime
+# Notes: specifies the bantime in seconds (handled internally rather than by fail2ban)
+# Values: [ NUM ] Default: 600
+#
+bantime = 600
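Review bot: actionban and actionunban only ever touch `f2b-<name>`, so the `f2b6-<name>` set that actionstart creates and the ip6tables rule matches is never populated and IPv6 sources are never actually blocked; an IPv6 `<ip>` would instead be handed to the `family inet` set, which ipset should reject. Both commands need to pick the set by address family, for example (untested sketch) `actionban = case "<ip>" in *:*) s=f2b6-<name>;; *) s=f2b-<name>;; esac; ipset add $s <ip> timeout <bantime> -exist`, with the same selection in actionunban. Separately, the two `ipset create` lines in actionstart lack `-exist`, so a start after an unclean stop would likely fail on the leftover sets and leave the jail without its rules. `ip6tables` is also hard-coded while the IPv4 rule goes through the `<iptables>` tag, so whatever options that tag carries from iptables-common.conf are not applied to the IPv6 rule.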