# Fail2Ban configuration file # # Author: Donald Yandt # # Because of the rich rule commands requires firewalld-0.3.1+ # This action uses firewalld rich-rules which gives you a cleaner iptables since it stores rules according to zones and not # by chain. So for an example all deny rules will be listed under _deny and all log rules under _log. # # Also this action logs banned access attempts so you can filter that and increase ban time for offenders. # # If you use the --permanent rule you get a xml file in /etc/firewalld/zones/.xml that can be shared and parsed easliy # # Example commands to view rules: # firewall-cmd [--zone=] --list-rich-rules # firewall-cmd [--zone=] --list-all # firewall-cmd [--zone=zone] --query-rich-rule='rule' [INCLUDES] before = firewallcmd-common.conf [Definition] actionstart = actionstop = actioncheck = # you can also use zones and/or service names. # # zone example: # firewall-cmd --zone= --add-rich-rule="rule family='' source address='' port port='' protocol='' log prefix='f2b-' level='' limit value='/m' " # # service name example: # firewall-cmd --zone= --add-rich-rule="rule family='' source address='' service name='' log prefix='f2b-' level='' limit value='/m' " # # Because rich rules can only handle single or a range of ports we must split ports and execute the command for each port. Ports can be single and ranges separated by a comma or space for an example: http, https, 22-60, 18 smtp actionban = ports=""; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='' source address='' port port='$p' protocol='' log prefix='f2b-' level='' limit value='/m' "; done actionunban = ports=""; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='' source address='' port port='$p' protocol='' log prefix='f2b-' level='' limit value='/m' "; done [Init] # log levels are "emerg", "alert", "crit", "error", "warning", "notice", "info" or "debug" level = info # log rate per minute rate = 1