# Fail2Ban configuration file
#
# Author: Donald Yandt 
# Because of the --remove-rules in stop this action requires firewalld-0.3.8+

[INCLUDES]

before = iptables-common.conf

[Definition]

actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
              firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>

actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
             firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
             firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>

# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'

actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'

actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>

actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>

[Init]

# Default name of the chain
name = default

chain = INPUT_direct

# Could also use port numbers separated by a comma. 
port = 1:65535


# Option:  protocol
# Values:  [ tcp | udp | icmp | all ]

protocol = tcp



# DEV NOTES:
#
# Author: Donald Yandt 
# Uses "FirewallD" instead of the "iptables daemon".
#
#
# Output:
# actionstart:
# $ firewall-cmd --direct --add-chain ipv4 filter f2b-apache-modsecurity
# success
# $ firewall-cmd --direct --add-rule ipv4 filter f2b-apache-modsecurity 1000 -j RETURN
# success
# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
# success
# actioncheck:
# $ firewall-cmd --direct --get-chains ipv4 filter f2b-apache-modsecurity | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
# f2b-apache-modsecurity