mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-07-05 01:09:37 +00:00
Added fail2ban, though not sure its configured correctly yet
This commit is contained in:
91
docker/rootfs/fail2ban/action.d/opnsense.conf
Normal file
91
docker/rootfs/fail2ban/action.d/opnsense.conf
Normal file
@ -0,0 +1,91 @@
|
||||
## Version 2023/02/16
|
||||
#
|
||||
# Fail2Ban action configuration for OPNsense
|
||||
# Author: https://linuxserver.io/
|
||||
#
|
||||
# Please ensure jail.local permission are secure (640) as it contains your OPNsense API key
|
||||
#
|
||||
# OPNsense API Key/Secret guide: https://docs.opnsense.org/development/how-tos/api.html
|
||||
#
|
||||
# This action maintains an OPNsense HOST group alias.
|
||||
#
|
||||
# Configure OPNsense with:
|
||||
# A correctly named empty HOST group alias.
|
||||
# An associated firewall rule.
|
||||
#
|
||||
# In most instances the OPNsense rule will likely take the form of a INBOUND WAN DROP but specifics are left to user discretion.
|
||||
#
|
||||
# WARNING: This action allows connections to default OPNsense installs deployed with self signed TLS certificates.
|
||||
# If required disable this by setting `allow_insecure = false` in your `jail.local`
|
||||
#
|
||||
|
||||
[Definition]
|
||||
|
||||
# Option: actionstart
|
||||
# Notes.: command executed once at the start of Fail2Ban.
|
||||
# Values: CMD
|
||||
#
|
||||
#actionstart =
|
||||
|
||||
# Option: actionstop
|
||||
# Notes.: command executed once at the end of Fail2Ban
|
||||
# Values: CMD
|
||||
#
|
||||
#actionstop =
|
||||
|
||||
# Option: actioncheck
|
||||
# Notes.: command executed once before each actionban command
|
||||
# Values: CMD
|
||||
#
|
||||
#actioncheck =
|
||||
|
||||
# Option: actionban
|
||||
# Notes.: command executed when banning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
# Tags: See jail.conf(5) man page
|
||||
# Values: CMD
|
||||
#
|
||||
actionban = curl <_allow_insecure> -s -u "<key>":"<secret>" -H "Content-Type: application/json" -d '{"address":"<ip>"}' https://<firewall>/api/firewall/alias_util/add/<alias>
|
||||
|
||||
# Option: actionunban
|
||||
# Notes.: command executed when unbanning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
# Tags: See jail.conf(5) man page
|
||||
# Values: CMD
|
||||
#
|
||||
actionunban = curl <_allow_insecure> -s -u "<key>":"<secret>" -H "Content-Type: application/json" -d '{"address":"<ip>"}' https://<firewall>/api/firewall/alias_util/delete/<alias>
|
||||
|
||||
# Internal variable handler for `allow_insecure`
|
||||
_allow_insecure = $(if [ '<allow_insecure>' = true ]; then echo ' -k '; else echo ''; fi;)
|
||||
|
||||
[Init]
|
||||
|
||||
# Option: alias
|
||||
# Notes.: The OPNsense host group name to add the Fail2ban IP to.
|
||||
# Values: [ STRING ]
|
||||
#
|
||||
alias =
|
||||
|
||||
# Option: firewall
|
||||
# Notes.: Your OPNsense IP or DNS name.
|
||||
# Values: [ STRING ]
|
||||
#
|
||||
firewall =
|
||||
|
||||
# Option: key
|
||||
# Notes.: Your OPNsense user key.
|
||||
# Values: [ STRING ]
|
||||
#
|
||||
key =
|
||||
|
||||
# Option: secret
|
||||
# Notes.: Your OPNsense user secret.
|
||||
# Values: [ STRING ]
|
||||
#
|
||||
secret =
|
||||
|
||||
# Option: allow_insecure
|
||||
# Notes.: Allow connections to default OPNsense installs deployed with self signed TLS certificates.
|
||||
# Values: [ BOOLEAN ]
|
||||
#
|
||||
allow_insecure = true
|
Reference in New Issue
Block a user