Diffstat (limited to 'ip64tables-ipset-proto6-allports.conf')
-rw-r--r-- | ip64tables-ipset-proto6-allports.conf | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/ip64tables-ipset-proto6-allports.conf b/ip64tables-ipset-proto6-allports.conf
new file mode 100644
index 000000000000..f077da876efe
--- /dev/null
+++ b/ip64tables-ipset-proto6-allports.conf
@@ -0,0 +1,64 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
+# Use ipset -V to see the protocol and version. Version 4 should use
+# iptables-ipset-proto4.conf.
+#
+# This requires the program ipset which is normally in package called ipset.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules which probably won't be protocol version 6.
+
+[INCLUDES]
+
+before = iptables-common.conf
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = ipset create f2b-<name> hash:ip family inet timeout <bantime>
+ ipset create f2b6-<name> hash:ip family inet6 timeout <bantime>
+ <iptables> -I <chain> -m set --match-set f2b-<name> src -j <blocktype>
+ ip6tables -I <chain> -m set --match-set f2b6-<name> src -j <blocktype>
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = <iptables> -D <chain> -m set --match-set f2b-<name> src -j <blocktype>
+ ip6tables -D <chain> -m set --match-set f2b6-<name> src -j <blocktype>
+ ipset flush f2b-<name>
+ ipset flush f2b6-<name>
+ ipset destroy f2b-<name>
+ ipset destroy f2b6-<name>
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban = ipset del f2b-<name> <ip> -exist
+
+[Init]
+
+# Option: bantime
+# Notes: specifies the bantime in seconds (handled internally rather than by fail2ban)
+# Values: [ NUM ] Default: 600
+#
+bantime = 600 |
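Review bot: `actionban` and `actionunban` only ever touch `f2b-<name>`, the `family inet` set, so the `f2b6-<name>` set that `actionstart` creates and hooks into `ip6tables` is never populated and an IPv6 source would not be blocked; adding an IPv6 address to the inet set presumably just fails. One way to cover both families with the tags already used here is a fallback, `actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist || ipset add f2b6-<name> <ip> timeout <bantime> -exist`, with the matching `ipset del f2b-<name> <ip> -exist || ipset del f2b6-<name> <ip> -exist` in `actionunban`. Separately, the two `ipset create` lines in `actionstart` carry no `-exist`, so a start after an unclean stop will likely fail on the leftover sets and leave the jail without its rules; adding `-exist` there would make the start repeatable. It is also worth a comment in `[Init]` that entries expire on the ipset `timeout`, so this `bantime` should be kept equal to the jail's own value.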