mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-07-05 01:09:37 +00:00
Added fail2ban, though not sure its configured correctly yet
This commit is contained in:
88
docker/rootfs/fail2ban/action.d/osx-ipfw.conf
Normal file
88
docker/rootfs/fail2ban/action.d/osx-ipfw.conf
Normal file
@ -0,0 +1,88 @@
|
||||
## Version 2022/08/06
|
||||
# Fail2Ban configuration file
|
||||
#
|
||||
# Author: Nick Munger
|
||||
# Modified by: Andy Fragen and Daniel Black
|
||||
#
|
||||
# Mod for OS X, using random rulenum as OSX ipfw doesn't include tables
|
||||
#
|
||||
|
||||
[Definition]
|
||||
|
||||
# Option: actionstart
|
||||
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
|
||||
# Values: CMD
|
||||
#
|
||||
actionstart =
|
||||
|
||||
|
||||
# Option: actionstop
|
||||
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
|
||||
# Values: CMD
|
||||
#
|
||||
actionstop =
|
||||
|
||||
|
||||
# Option: actioncheck
|
||||
# Notes.: command executed once before each actionban command
|
||||
# Values: CMD
|
||||
#
|
||||
actioncheck =
|
||||
|
||||
|
||||
# Option: actionban
|
||||
# Notes.: command executed when banning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
# Tags: <ip> IP address
|
||||
# Values: CMD
|
||||
#
|
||||
actionban = ipfw add <rulenum> set <setnum> <blocktype> log <block> from <ip> to <dst> <port>
|
||||
|
||||
|
||||
# Option: actionunban
|
||||
# Notes.: command executed when unbanning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
# Tags: <ip> IP address
|
||||
# Values: CMD
|
||||
#
|
||||
actionunban = ipfw delete `ipfw -S list | grep -i 'set <setnum> <blocktype> log <block> from <ip> to <dst>' | awk '{print $1;}'`
|
||||
|
||||
[Init]
|
||||
|
||||
# Option: port
|
||||
# Notes.: specifies port to block. Can be blank however may require block="ip"
|
||||
# Values: [ NUM | STRING ]
|
||||
#
|
||||
port = ssh
|
||||
|
||||
# Option: dst
|
||||
# Notes.: the local IP address of the network interface
|
||||
# Values: IP, any, me or anything support by ipfw as a dst
|
||||
#
|
||||
dst = me
|
||||
|
||||
# Option: block
|
||||
# Notes: This is how much to block.
|
||||
# Can be "ip", "tcp", "udp" or various other options.
|
||||
# Values: STRING
|
||||
block = tcp
|
||||
|
||||
# Option: blocktype
|
||||
# Notes.: How to block the traffic. Use a action from man 8 ipfw
|
||||
# Common values: deny, unreach port, reset
|
||||
# Values: STRING
|
||||
#
|
||||
blocktype = unreach port
|
||||
|
||||
# Option: set number
|
||||
# Notes.: The ipset number this is added to.
|
||||
# Values: 0-31
|
||||
setnum = 10
|
||||
|
||||
# Option: number for ipfw rule
|
||||
# Notes: This is meant to be automatically generated and not overwritten
|
||||
# Values: Random value between 10000 and 12000
|
||||
rulenum="`echo $((RANDOM%%2000+10000))`"
|
||||
|
||||
# Duplicate prevention mechanism
|
||||
#rulenum = "`a=$((RANDOM%%2000+10000)); while ipfw show | grep -q ^$a\ ; do a=$((RANDOM%%2000+10000)); done; echo $a`"
|
Reference in New Issue
Block a user