[Init] # The following had defaults that I wasn't happy with, but now they're not being # used anyways as I don't want offending hosts talking to *any* service on this # server until the ban expires. IF you just want to block access to the offending # service these SHOULD NOT have defaults, the triggering rule should apply them # so they actually block just that service rather than mess up whatever the default # is #name = #port = #protocol = # This is the manual table that I setup to handle blocked hosts table = OFFENDINGIPS [Definition] # The commands that get executed when fail2ban starts up # We don't need to do anything since I take care of this manually and permanently actionstart = # The commands that get executed when fail2ban shuts down # We don't need to do anything since I take care of this manually and permanently actionstop = # There doesn't really seem to be any documentation on what this actually does, # I've modified it so it will look at the appropriate table and it appears that # it's just checking to make sure that the INPUT table is properly redirecting # to the table that has the offending hosts in it actioncheck = iptables -n -L INPUT | grep -q # This command bans the offending IP and marks them as an attacker actionban = iptables -A
-s -j LOG --log-prefix "Attacker's Back " iptables -A
-s -m recent --set --name ATTACKER -j DROP # This command removes an IP from the ban-list actionunban = iptables -D
-s -j LOG --log-prefix "Attacker's Back " iptables -D
-s -j DROP