I am using UFW as the action for all jails. Below there's an excerpt
from my jail.local related to openssh. It is working.

    banaction = ufw
    action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    action = %(action_)s

    [sshd]
    enabled = true
    port = ssh
    logpath = %(sshd_log)s

Then I discovered the ufw.conf contents (excerpt below). It uses the
ufw app syntax (if application not null) so I can ban an IP only for
some ports (app).

    actionban = [ -n "<application>" ] && app='app "<application>"'
                ufw insert <insertpos> <blocktype> from <ip> to <destination> $app

    actionunban = [ -n "<application>" ] && app='app "<application>"'
                  ufw delete <blocktype> from <ip> to <destination> $app

    [Init]
    insertpos = 1
    blocktype = reject
    destination = any
    # Notes.: application from sudo ufw app list
    application =

    # Author: Guilhem Lettron
    # Enhancements: Daniel Black

Now the question: What must I do to use the app syntax? Must I create an
action (ufw-*.conf) for each jail with hardcoded application inside Init
section (very ugly one)? Or is there a better solution?
Cheers.
Júlio
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
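
Added example, not part of the original message and not the project's own configuration: fail2ban lets a jail pass parameters to an action in square brackets, and those values override the defaults in the action's [Init] section, so the single ufw.conf quoted above can serve every jail. The profile names "OpenSSH" and "Postfix" and the [postfix] jail are assumptions; use the names printed by `ufw app list` on the host.

```ini
# jail.local (constructed example)

[DEFAULT]
banaction = ufw

[sshd]
enabled = true
port    = ssh
logpath = %(sshd_log)s
# Overrides the empty "application =" from [Init] in action.d/ufw.conf for
# this jail only, so the ban rule is limited to the ports of that ufw profile.
action  = %(banaction)s[application="OpenSSH"]

[postfix]
enabled = true
# Same action file, different ufw profile.
action  = %(banaction)s[application="Postfix"]

# A jail that does not set "action" keeps the default action, where
# <application> stays empty and the ban applies to all ports.
```

After `fail2ban-client reload`, `ufw status numbered` shows whether a new ban rule carries the application profile.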