Alok G Singh edited this page Jun 22, 2018 · 1 revision

Welcome to the rfw wiki!

Fail2Ban

To use rfwc with fail2ban, here is the configuration to drop into /etc/fail2ban/action.d/.

# Fail2Ban configuration file
#
# Author: Alok G Singh
#
# Action definition that runs the rfwc client for every Fail2Ban action
# hook. The client command line, including its URL and credentials, is
# taken from the rfwc option in [Init] and substituted wherever <rfwc>
# appears below.
#

[INCLUDES]

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
#          Runs two rfwc commands in order: "chain add <chain>", then
#          "rule add INPUT <chain> ..." with the protocol, ingress
#          interface and port from [Init]. Presumably the second command
#          hooks <chain> into INPUT; confirm against the rfwc documentation.
# Values:  CMD
#
actionstart = <rfwc> chain add <chain>
              <rfwc> rule add INPUT <chain> -p <protocol> -i <ingress> -d <port>

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
#          Removes the INPUT rule first, then the chain itself.
#          NOTE(review): the options are given as "-d <port> -i <ingress>"
#          here but as "-i <ingress> -d <port>" in actionstart. Confirm that
#          rfwc matches the rule regardless of option order; otherwise the
#          INPUT rule could be left in place after Fail2Ban stops.
# Values:  CMD
#
actionstop = <rfwc> rule rm INPUT <chain> -p <protocol> -d <port> -i <ingress>
             <rfwc> chain rm <chain>

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
#          Fail2Ban judges the check by the command's exit status, so
#          "chain list <chain>" has to return non-zero when the chain is
#          missing. TODO confirm that rfwc behaves this way.
# Values:  CMD
#
actioncheck = <rfwc> chain list <chain>

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
#          <rfwc> expands to a command line that carries --passwd, so the
#          password is part of the argument list of every process started
#          here and may be visible in local process listings.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = <rfwc> rule add <chain> <blocktype> -sn <ip>

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
#          Mirrors actionban with "rule rm", using the same arguments.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = <rfwc> rule rm <chain> <blocktype> -sn <ip>

[Init]

# Option:  chain
# Notes.:  specifies the iptables chain to which the Fail2Ban rules should be
#          added
# Values:  STRING  Default: INPUT
chain = f2b-euler

# Option:  port
# Notes.:  specifies port to monitor
# Values:  [ NUM | STRING ]  Default:
#
port = ssh

# Option:  rfwc
# Notes.:  Actual command to be executed. It is expanded into every action
#          command in [Definition].
#          The URL, user and password below are the sample values from the
#          original example; replace them with the values for your own
#          rfw endpoint and do not keep rfw/rfw as a live credential.
#          The password is stored here in cleartext and passed as a
#          command-line argument, so keep this file readable only by the
#          account Fail2Ban runs as, and expect the arguments to be visible
#          in local process listings.
#          NOTE(review): confirm that rfwc verifies the server certificate
#          for this https URL.
# Values:  STRING
rfwc = rfwc --url https://euler:7393 --user rfw --passwd rfw

# Option:  blocktype
# Note:    This is what the action does with rules. This can be any jump target
#          as per the iptables man page (section 8). Common values are DROP,
#          REJECT, REJECT --reject-with icmp-port-unreachable
# Values:  STRING
blocktype = REJECT

# Option:  protocol
# Notes.:  internally used by config reader for interpolations.
# Values:  [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp

# Option:  ingress
# Notes.:  The ingress interface which is the source of packets
# Values:  [ STRING ] Default:
#
ingress = ppp0