mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-07-05 01:09:37 +00:00
Added fail2ban, though not sure its configured correctly yet
This commit is contained in:
Jamie Curnow
74
docker/rootfs/fail2ban/action.d/shorewall.conf
Normal file
74
docker/rootfs/fail2ban/action.d/shorewall.conf
Normal file
@ -0,0 +1,74 @@
|
||||
## Version 2022/08/06
|
||||
# Fail2Ban configuration file
|
||||
#
|
||||
# Author: Cyril Jaquier
|
||||
#
|
||||
#
|
||||
# The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see
|
||||
# file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a
|
||||
# new shorewall rule to ban an IP address, that rule will affect only new
|
||||
# connections. So if the attempter goes on trying using the same connection
|
||||
# he could even log in. In order to get the same behavior of the iptable
|
||||
# action (so that the ban is immediate) the /etc/shorewall/shorewall.conf
|
||||
# file should be modified with "BLACKLISTNEWONLY=No". Note that as of
|
||||
# Shorewall 4.5.13 BLACKLISTNEWONLY is deprecated; however the equivalent
|
||||
# of BLACKLISTNEWONLY=No can now be achieved by setting BLACKLIST="ALL".
|
||||
#
|
||||
|
||||
[Definition]
|
||||
|
||||
# Option: actionstart
|
||||
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
|
||||
# Values: CMD
|
||||
#
|
||||
actionstart =
|
||||
|
||||
# Option: actionstop
|
||||
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
|
||||
# Values: CMD
|
||||
#
|
||||
actionstop =
|
||||
|
||||
# Option: actioncheck
|
||||
# Notes.: command executed once before each actionban command
|
||||
# Values: CMD
|
||||
#
|
||||
actioncheck =
|
||||
|
||||
# Option: actionban
|
||||
# Notes.: command executed when banning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
# Tags: See jail.conf(5) man page
|
||||
# Values: CMD
|
||||
#
|
||||
actionban = shorewall<family> <blocktype> <ip>
|
||||
|
||||
# Option: actionunban
|
||||
# Notes.: command executed when unbanning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
# Tags: See jail.conf(5) man page
|
||||
# Values: CMD
|
||||
#
|
||||
actionunban = shorewall<family> allow <ip>
|
||||
|
||||
|
||||
[Init]
|
||||
|
||||
# Option: family
|
||||
# Note: Control which version of command is executed
|
||||
# Values: Empty or 6 in case of IPv6
|
||||
family =
|
||||
|
||||
# Option: blocktype
|
||||
# Note: This is what the action does with rules.
|
||||
# See man page of shorewall for options that include drop, logdrop, reject, or logreject
|
||||
# Values: STRING
|
||||
blocktype = reject
|
||||
|
||||
[Init?family=inet6]
|
||||
|
||||
# Option: family
|
||||
# Note: Control which version of command is executed
|
||||
# Values: Empty or 6 in case of IPv6
|
||||
family = 6
|
||||
|
||||
Reference in New Issue
Block a user