@AndisGrossteins
Last active May 22, 2021 19:53
*DEPRECATED CODE! Please read the replies before using this code or commenting* Updated correct fail2ban for permanent and persistent bans from https://wp.me/p5Ub2q-7w because WordPress.com comments suck for code snippets.
DEPRECATED CODE!!!!1!one!!1
Please read the replies before using this code or commenting!
For a better solution, use fail2ban's persistence SQLite database with a long purge time.
See this answer on Server Fault StackExchange: https://serverfault.com/a/810798/72732
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
#         Only lines whose first field is exactly fail2ban-<name> are restored.
# Values: CMD
#
actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              cat /etc/fail2ban/persistent.bans | awk '$1 == "fail2ban-<name>" {print $2}' \
              | while read -r IP; do iptables -I fail2ban-<name> 1 -s "$IP" -j <blocktype>; done
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
             iptables -F fail2ban-<name>
             iptables -X fail2ban-<name>
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
#         grep -x -F compares the whole line literally, so 1.2.3.4 is not
#         treated as already listed when only 1.2.3.40 is.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
            if ! grep -qxF "fail2ban-<name> <ip>" /etc/fail2ban/persistent.bans; then echo "fail2ban-<name> <ip>" >> /etc/fail2ban/persistent.bans; fi
@probinso

none of these examples seem to include modifications for unban

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
        sed -i '/^fail2ban-<name> <ip>$/d' /etc/fail2ban/persistent.bans
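
An added example (not part of the gist or of the reply above) of the ban-list bookkeeping with whole-line matching and IPv4 validation, so an entry for one address is never confused with a longer one and malformed lines never reach iptables. The function names, the BANS_FILE variable and the IPv4-only check are assumptions of this sketch; it takes the jail name and IP as shell arguments instead of fail2ban tags and does not call iptables.

```shell
#!/bin/sh
# Added example: function names and BANS_FILE are assumptions of this sketch.
# A temporary file stands in for /etc/fail2ban/persistent.bans.
BANS_FILE="${BANS_FILE:-$(mktemp)}"

# Accept only dotted-quad IPv4, each octet 0-255 (no CIDR suffix, no IPv6).
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Record a ban once. $1 = jail name, $2 = IP.
persist_ban() {
    valid_ipv4 "$2" || return 1
    # -x matches the whole line and -F takes the text literally.
    grep -qxF "fail2ban-$1 $2" "$BANS_FILE" 2>/dev/null ||
        printf 'fail2ban-%s %s\n' "$1" "$2" >> "$BANS_FILE"
}

# Drop exactly one entry, leaving every other line untouched.
persist_unban() {
    valid_ipv4 "$2" || return 1
    tmp=$(mktemp) || return 1
    awk -v l="fail2ban-$1 $2" '$0 != l' "$BANS_FILE" > "$tmp" &&
        cat "$tmp" > "$BANS_FILE"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Print the IPs to restore for one jail; anything that is not a plain
# IPv4 address is skipped instead of being handed to iptables.
restore_ips() {
    awk -v j="fail2ban-$1" 'NF == 2 && $1 == j { print $2 }' "$BANS_FILE" |
    while read -r ip; do
        if valid_ipv4 "$ip"; then printf '%s\n' "$ip"; fi
    done
}

# Constructed demo data (documentation address range).
persist_ban sshd 192.0.2.4
persist_ban sshd 192.0.2.40
persist_unban sshd 192.0.2.4
restore_ips sshd    # prints 192.0.2.40
```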
