|
|
@ -7,12 +7,18 @@ |
|
|
|
/sbin/iptables --new-chain $NEW_Fail2Ban |
|
|
|
/sbin/iptables --new-chain $NEW_Fail2Ban |
|
|
|
EOF |
|
|
|
EOF |
|
|
|
|
|
|
|
|
|
|
|
foreach my $ban ( $f2bdb->get_all_by_prop(type=>('ban')) ){ |
|
|
|
if ( ($fail2ban{'status'} || 'disabled') eq 'enabled' ){ |
|
|
|
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" . |
|
|
|
foreach my $ban ( $f2bdb->get_all_by_prop(type=>('ban')) ){ |
|
|
|
" -s " . $ban->key . " -j denylog\n" |
|
|
|
my $ip = $ban->prop('Host'); |
|
|
|
if ( ($fail2ban{'status'} || 'disabled') eq 'enabled' ); |
|
|
|
my $proto = $ban->prop('Protocol') || ''; |
|
|
|
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" . |
|
|
|
my $port = $ban->prop('Port') || ''; |
|
|
|
" -j RETURN\n"; |
|
|
|
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban -s $ip"; |
|
|
|
|
|
|
|
$OUT .= " -p $proto" if ($proto =~ m/^tcp|udp|icmp$/); |
|
|
|
|
|
|
|
$OUT .= " --dport $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+$/); |
|
|
|
|
|
|
|
$OUT .= " -j denylog\n" |
|
|
|
|
|
|
|
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" . |
|
|
|
|
|
|
|
" -j RETURN\n"; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# Having created a new Fail2Ban chain, activate it and destroy the old. |
|
|
|
# Having created a new Fail2Ban chain, activate it and destroy the old. |
|
|
|
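Review bot: The protocol checks on the new `-p` and `--dport` lines do not anchor what they appear to: in `m/^tcp|udp|icmp$/` the alternation binds more loosely than `^` and `$`, so any value that merely starts with `tcp`, contains `udp`, or ends with `icmp` passes and is then written verbatim into the generated iptables command line. Group the alternatives and use string anchors, `$proto =~ m/\A(?:tcp|udp|icmp)\z/` and `$proto =~ m/\A(?:tcp|udp)\z/ && $port =~ m/\A\d+\z/`, since a plain `$` also accepts a trailing newline. `$ip` from `$ban->prop('Host')` is appended after `-s` with no check at all; whether the code that writes the ban records already validates it is not visible here, so an address-format check before the rule is built would be a reasonable safeguard. The enclosing template block starts and ends outside the hunk.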