Add proto and port support in masq templates

Daniel Berteaud 2013-05-02 01:15:52 +02:00
parent a99711dd02
commit bc6518ba96


@ -7,12 +7,18 @@
/sbin/iptables --new-chain $NEW_Fail2Ban
EOF
foreach my $ban ( $f2bdb->get_all_by_prop(type=>('ban')) ){
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" .
" -s " . $ban->key . " -j denylog\n"
if ( ($fail2ban{'status'} || 'disabled') eq 'enabled' );
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" .
" -j RETURN\n";
if ( ($fail2ban{'status'} || 'disabled') eq 'enabled' ){
foreach my $ban ( $f2bdb->get_all_by_prop(type=>('ban')) ){
my $ip = $ban->prop('Host');
my $proto = $ban->prop('Protocol') || '';
my $port = $ban->prop('Port') || '';
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban -s $ip";
$OUT .= " -p $proto" if ($proto =~ m/^tcp|udp|icmp$/);
$OUT .= " --dport $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+$/);
$OUT .= " -j denylog\n"
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" .
" -j RETURN\n";
}
}
# Having created a new Fail2Ban chain, activate it and destroy the old.
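Review bot: The protocol checks on the `-p` and `--dport` lines are not anchored the way they read: `m/^tcp|udp|icmp$/` parses as `^tcp`, or `udp` anywhere, or `icmp$`, so any `Protocol` value that starts with `tcp` or contains `udp` passes and is copied verbatim into the generated iptables command. Group the alternation and anchor the whole string, `m/\A(?:tcp|udp|icmp)\z/` and `m/\A(?:tcp|udp)\z/`, and use `m/\A\d+\z/` for the port. `$ip` from the `Host` property is interpolated with no check at all, so it should be validated as an address (or CIDR) before the rule is emitted, and the entry skipped otherwise. As shown, the `$OUT .= " -j denylog\n"` line has no terminating `;`, and the `-j RETURN` append sits inside the `foreach`, so a RETURN rule follows each ban and entries after the first would never be evaluated; it probably belongs after the loop. The enclosing template block starts and ends outside the hunk.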