Commit cd8d6959 authored by ale's avatar ale

Support fail2ban integration via dedicated ipsets

parent 7c552da5
# The following snippet saves the existing fail2ban rules and
# reproduces them identically in the output (IPv4-only).
iptables-save -t filter | (while read line ; do
case "${line}" in
":fail2ban-"*|"-A fail2ban-"*|*"-j fail2ban-"*)
add_rule4 "${line}"
;;
esac
done)
# Support integration with fail2ban via dedicated ipsets.
add_rule4 -A pre-input -m set --match-set f2b_ip src -j DROP
add_rule6 -A pre-input -m set --match-set f2b_ip6 src -j DROP
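Review bot: The two `--match-set` rules depend on the `f2b_ip` and `f2b_ip6` sets already existing when the ruleset is loaded, and nothing in this section states that ordering. iptables rejects a rule that references a set which does not exist, so if the ipset script has not run first, loading the rules would presumably fail. I would add a comment above the rules such as `# Requires the f2b_ip / f2b_ip6 ipsets to be created before these rules are loaded.` Also, assuming the chain-copying snippet above is what this commit removes, hosts whose fail2ban still uses chain-based actions would stop enforcing bans until fail2ban is switched to an action that adds to these sets; the commit description or docs should mention this.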
......@@ -32,9 +32,15 @@ gen_set() {
fi
}
gen_fail2ban() {
echo "create f2b_ip hash:ip family inet timeout 0"
echo "create f2b_ip6 hash:ip family inet6 timeout 0"
}
(
gen_set ipv4 ip
gen_set ipv6 ip
gen_set ipv4 net
gen_set ipv6 net
gen_fail2ban
) | ipset restore '-!' -exist
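Review bot: `gen_fail2ban` has no comment explaining who fills these sets or what `timeout 0` implies. With a default timeout of 0, entries added without their own timeout never expire, so unbanning depends on fail2ban removing them or adding them with a timeout; I would say so above the function, e.g. `# Sets populated by fail2ban; timeout 0 = entries are permanent unless added with a timeout.` Separately, `-exist` only ignores a `create` for an identical set, so if `f2b_ip` already exists with different options (for instance created by fail2ban's own action) the restore may error at that line; this is worth confirming on a host where fail2ban is already running. `gen_set`'s body starts outside the hunk.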