Merge pull request #215 from grooverdan/reject_no_drop_by_default

ENH: add blocktype to all relevant actions and change default action to reject
author: Yaroslav Halchenko <debian@onerussian.com> 2013-05-08 07:20:14 -0700
committer: Yaroslav Halchenko <debian@onerussian.com> 2013-05-08 07:20:14 -0700
commit: e85914cef818f9f6ce58ae82cf519b19bf072e25 (patch)
tree: 3643f76a8ec9507ac7b2e5b042abb0984c441186 /config/action.d/iptables.conf
parent: 11031d5ec9268cece9138ad7ed8304a4ad1576fe (diff)
parent: ac1944ac6d12a24c88b0c723ea7a8bd0225bc750 (diff)
download: fail2ban-e85914cef818f9f6ce58ae82cf519b19bf072e25.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index 662b41c0..370e4731 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -4,6 +4,10 @@
 #
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
 [Definition]
 
 # Option:  actionstart
@@ -34,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -42,7 +46,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
 
 [Init]
author	Yaroslav Halchenko <debian@onerussian.com>	2013-05-08 07:20:14 -0700
committer	Yaroslav Halchenko <debian@onerussian.com>	2013-05-08 07:20:14 -0700
commit	e85914cef818f9f6ce58ae82cf519b19bf072e25 (patch)
tree	3643f76a8ec9507ac7b2e5b042abb0984c441186 /config/action.d/iptables.conf
parent	11031d5ec9268cece9138ad7ed8304a4ad1576fe (diff)
parent	ac1944ac6d12a24c88b0c723ea7a8bd0225bc750 (diff)
download	fail2ban-e85914cef818f9f6ce58ae82cf519b19bf072e25.tar.gz