Open mib1185 opened 1 month ago
name: Allow to configure actions about: This adds support to configure actions
Describe the change With this we are able to also configure actions by creating proper *.local files under /etc/fail2ban/action.d/.
*.local
/etc/fail2ban/action.d/
Testing Goal is to set the blocktype for the iptables action to a silent DROP - therefore we use the following inventory variable:
fail2ban_action_configurations: - action: iptables section: Init option: blocktype value: DROP - action: iptables section: Init?family=inet6 option: blocktype value: DROP
which results in
# cat /etc/fail2ban/action.d/iptables.local [Init] blocktype = DROP [Init?family=inet6] blocktype = DROP
# iptables -L -nv Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 210 19478 f2b-apache 6 -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain f2b-apache (1 references) pkts bytes target prot opt in out source destination 5 260 DROP 0 -- * * 10.xx.yyy.zz 0.0.0.0/0 200 18958 RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
name: Allow to configure actions about: This adds support to configure actions
Describe the change With this we are able to also configure actions by creating proper
*.localfiles under/etc/fail2ban/action.d/.Testing Goal is to set the blocktype for the iptables action to a silent DROP - therefore we use the following inventory variable:
which results in