Diffstat (limited to 'config/action.d/iptables.conf')
-rw-r--r--config/action.d/iptables.conf11
1 files changed, 8 insertions, 3 deletions
diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index daef9267..09cfb98b 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -13,13 +13,13 @@
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
- iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
+ iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
+actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
@@ -27,7 +27,7 @@ actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
# Notes.: command executed once before each actionban command
# Values: CMD
#
-actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
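Review bot: The `grep -q fail2ban-<name>` in the rewritten actioncheck line is an unanchored substring match, so a jail whose name is a prefix of another jail's name (constructed example: `ssh` and `ssh-ddos`) passes the check when only the other jail's jump rule is present in `<chain>`. If that happens, the missing jump is never detected, and bans for that jail would presumably land in a chain that no traffic reaches. Anchoring the pattern on the whitespace that follows the target column would tighten it: `actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'`. The unanchored match predates this commit, but the line is being rewritten here anyway.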
@@ -67,3 +67,8 @@ port = ssh
#
protocol = tcp
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: STRING Default: INPUT
+chain = INPUT
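Review bot: The new option's comment header reads `# Notes specifies ...`, while the other options visible in this diff use `# Notes.:`. For consistency it could read `# Notes.: specifies the iptables chain to which the fail2ban rules should be added`. The comment should also say that the chain must already exist, because the actionstart shown above only creates `fail2ban-<name>` and inserts a jump into `<chain>`. It is also worth noting that choosing a chain the protected traffic does not traverse leaves the bans without effect.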