Added fail2ban, though not sure its configured correctly yet
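--- a/docker/rootfs/fail2ban/action.d/ufw.conf
+++ b/docker/rootfs/fail2ban/action.d/ufw.conf
@@ -0,0 +1,76 @@
+## Version 2022/08/06
+# Fail2Ban action configuration file for ufw
+#
+# You are required to run "ufw enable" before this will have any effect.
+#
+# The insert position should be appropriate to block the required traffic.
+# A number after an allow rule to the application won't be of much use.
+
+[Definition]
+
+actionstart =
+
+actionstop =
+
+actioncheck =
+
+# ufw does "quickly process packets for which we already have a connection" in before.rules,
+# therefore all related sockets should be closed
+# actionban is using `ss` to do so, this only handles IPv4 and IPv6.
+
+actionban = if [ -n "<application>" ] && ufw app info "<application>"
+then
+ufw <add> <blocktype> from <ip> to <destination> app "<application>" comment "<comment>"
+else
+ufw <add> <blocktype> from <ip> to <destination> comment "<comment>"
+fi
+<kill>
+
+actionunban = if [ -n "<application>" ] && ufw app info "<application>"
+then
+ufw delete <blocktype> from <ip> to <destination> app "<application>"
+else
+ufw delete <blocktype> from <ip> to <destination>
+fi
+
+# Option: kill-mode
+# Notes.: can be set to ss or conntrack (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
+# Example: banaction = ufw[kill-mode=ss]
+kill-mode =
+
+# intern conditional parameter used to provide killing mode after ban:
+_kill_ =
+_kill_ss = ss -K dst "[<ip>]"
+_kill_conntrack = conntrack -D -s "<ip>"
+
+# Option: kill
+# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode
+# Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[<ip>]"']
+# banaction = ufw[kill='cutter "<ip>"']
+kill = <_kill_<kill-mode>>
+
+[Init]
+# Option: add
+# Notes.: can be set to "insert 1" to insert a rule at certain position (here 1):
+add = prepend
+
+# Option: blocktype
+# Notes.: reject or deny
+blocktype = reject
+
+# Option: destination
+# Notes.: The destination address to block in the ufw rule
+destination = any
+
+# Option: application
+# Notes.: application from sudo ufw app list
+application =
+
+# Option: comment
+# Notes.: comment for rule added by fail2ban
+comment = by Fail2Ban after <failures> attempts against <name>
+
+# DEV NOTES:
+#
+# Author: Guilhem Lettron
+# Enhancements: Daniel Black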
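Review bot: With `kill-mode =` left empty, `<kill>` at the end of `actionban` expands to nothing, so a client that already holds an established connection keeps it after the ban. The file's own comment says ufw accepts packets for existing connections in before.rules, so behind a reverse proxy with keep-alive a banned address can go on sending requests over the open socket. The comment above `actionban` that says it uses ss is only true once a kill mode is selected; the jail that references this action is not visible here, so either select it there with `banaction = ufw[kill-mode=ss]` or reword the comment to `# existing sockets are only closed when kill-mode (or kill) is set, see below`. Separately, `actioncheck =` is empty while the header requires "ufw enable": if ufw is inactive inside the container, bans would presumably be logged without being enforced, and a check such as `actioncheck = ufw status | grep -q "Status: active"` would surface that failure in the fail2ban log.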