Diffstat (limited to 'config/action.d/iptables.conf')
-rw-r--r-- | config/action.d/iptables.conf | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index daef9267..09cfb98b 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -13,13 +13,13 @@
 #
 actionstart = iptables -N fail2ban-<name>
 iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
+ iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
 # Option: actionstop
 # Notes.: command executed once at the end of Fail2Ban
 # Values: CMD
 #
-actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
 iptables -F fail2ban-<name>
 iptables -X fail2ban-<name>
@@ -27,7 +27,7 @@ actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
 # Notes.: command executed once before each actionban command
 # Values: CMD
 #
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 # Option: actionban
 # Notes.: command executed when banning an IP. Take care that the
@@ -67,3 +67,8 @@ port = ssh
 #
 protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT |
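Review bot: The new `iptables -I <chain> ...` line in actionstart assumes `<chain>` already exists and is reachable from a built-in chain, but nothing in actionstart creates or verifies it. If the chain is missing, the insert presumably fails after `fail2ban-<name>` has already been created. If it exists but no rule jumps to it, the jail starts, actioncheck passes, and the bans never see traffic. A note above actionstart would make the precondition explicit, for example `# <chain> must already exist in the filter table and be traversed by the traffic to protect`. The comment block for actionstart begins outside this hunk.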
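Review bot: The changed actioncheck still matches `fail2ban-<name>` as a plain substring of the chain listing. A jail named `ssh` therefore passes the check whenever `fail2ban-ssh-ddos` is listed in `<chain>`, even if its own jump rule has been removed, and that becomes more likely once several jails can be pointed at one shared custom chain. Matching the whitespace that follows the target column closes the gap: `actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'`.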
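Review bot: The added option header reads `# Notes specifies ...`, while the other option headers visible in this diff use `# Notes.:`, so the new block breaks the file's comment convention. The notes also do not say what a valid value is. Since the pipe in actioncheck shows these commands are shell-interpreted and `<chain>` is substituted unquoted, the text should say the value is a single bare chain name. Suggested wording: `# Notes.:  specifies the iptables chain to which the fail2ban rules should be added; must be a single existing chain name`.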