Diffstat (limited to 'config/action.d/bsd-ipfw.conf')
-rw-r--r--config/action.d/bsd-ipfw.conf10
1 files changed, 9 insertions, 1 deletions
diff --git a/config/action.d/bsd-ipfw.conf b/config/action.d/bsd-ipfw.conf
index 8b0a51aa..65a5e39b 100644
--- a/config/action.d/bsd-ipfw.conf
+++ b/config/action.d/bsd-ipfw.conf
@@ -14,7 +14,7 @@
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
-actionstart = ipfw show | fgrep -q 'table(<table>)' || ( ipfw show | awk 'BEGIN { b = 1 } { if ($1 <= b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num <blocktype> <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" )
+actionstart = ipfw show | fgrep -q 'table(<table>)' || ( ipfw show | awk 'BEGIN { b = <lowest_rule_num> } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num <blocktype> <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" )
# Option: actionstop
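Review bot: The new `actionstart` still passes the chosen rule number from awk to the shell through the exit status (`exit e` / `exit b`, then `num=$?`), which carries only 8 bits. A `<lowest_rule_num>` above 255, or a free slot found above 255, therefore comes back modulo 256. The block rule would then be added at a different position in the ruleset than intended, and `<startstatefile>` would record the wrapped number. Printing the number and capturing it avoids the limit, for example ending the awk script with `END { print (e ? e : b) }` and assigning `num=$(ipfw show | awk '…')`. Failing that, the `lowest_rule_num` comment in the second hunk should say that the value must stay below 256.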
@@ -81,3 +81,11 @@ block = ip
# Values: STRING
#
blocktype = unreach port
+
+# Option: lowest_rule_num
+# Notes: When fail2ban starts with action and there is no rule for the given table yet
+# then fail2ban will start looking for an empty slot starting with this rule number.
+# Values: NUM
+lowest_rule_num = 111
+
+
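Review bot: The `lowest_rule_num` comment does not explain why the number matters. ipfw evaluates rules in ascending number order, so the block rule only takes effect if it lands before any rule that already accepts the same traffic. I would add a line such as `#         Pick a number below any rule that allows traffic to the protected ports, otherwise bans are not enforced.` The header is also written `# Notes:` where the existing option blocks use `# Notes.:`, and the hunk ends with two blank lines where one would do.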