D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
usr
/
share
/
doc
/
fail2ban
/
dist-config
/
action.d
/
Filename :
ufw.conf
back
Copy
# Fail2Ban action configuration file for ufw # # You are required to run "ufw enable" before this will have any effect. # # The insert position should be appropriate to block the required traffic. # A number after an allow rule to the application won't be of much use. [Definition] actionstart = actionstop = actioncheck = # ufw does "quickly process packets for which we already have a connection" in before.rules, # therefore all related sockets should be closed # actionban is using `ss` to do so, this only handles IPv4 and IPv6. actionban = if [ -n "<application>" ] && ufw app info "<application>" then ufw <add> <blocktype> from <ip> to <destination> app "<application>" comment "<comment>" else ufw <add> <blocktype> from <ip> to <destination> comment "<comment>" fi <kill> actionunban = if [ -n "<application>" ] && ufw app info "<application>" then ufw delete <blocktype> from <ip> to <destination> app "<application>" else ufw delete <blocktype> from <ip> to <destination> fi # Option: kill-mode # Notes.: can be set to ss or conntrack (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill) # Example: banaction = ufw[kill-mode=ss] kill-mode = # intern conditional parameter used to provide killing mode after ban: _kill_ = _kill_ss = ss -K dst "[<ip>]" _kill_conntrack = conntrack -D -s "<ip>" # Option: kill # Notes.: can be used to specify custom killing feature, by default depending on option kill-mode # Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[<ip>]"'] # banaction = ufw[kill='cutter "<ip>"'] kill = <_kill_<kill-mode>> [Init] # Option: add # Notes.: can be set to "insert 1" to insert a rule at certain position (here 1): add = prepend # Option: blocktype # Notes.: reject or deny blocktype = reject # Option: destination # Notes.: The destination address to block in the ufw rule destination = any # Option: application # Notes.: application from sudo ufw app list application = # Option: comment # Notes.: comment for rule added by fail2ban comment = by Fail2Ban after <failures> attempts against <name> # DEV NOTES: # # Author: Guilhem Lettron # Enhancements: Daniel Black