imfreedom/email-ansible
Clone
Summary
Browse
Changes
Graph
Add vigil as our new status page.
draft
2021-07-07, Gary Kramlich
fad77591ea2e
Add vigil as our new status page.
#
Fail2Ban
action
configuration
file
for
ufw
#
#
You
are
required
to
run
"ufw enable"
before
this
will
have
any
effect
.
#
#
The
insert
position
should
be
appropriate
to
block
the
required
traffic
.
#
A
number
after
an
allow
rule
to
the
application
won
'
t
be
of
much
use
.
[
Definition
]
actionstart
=
actionstop
=
actioncheck
=
#
`
ss
-
K
`
kills
any
(
TCP
)
sockets
in
progress
.
This
makes
the
ban
take
#
effect
immediately
,
rather
than
only
for
new
connections
.
See
:
#
https
:
//
github
.
com
/
fail2ban
/
fail2ban
/
pull
/
2578
#
#
`
conntrack
-
D
`
kills
any
connection
tracking
state
.
With
the
TCP
sockets
#
already
killed
,
the
practical
effect
of
this
is
to
break
UDP
"connections"
.
actionban
=
[
-n "<application>"
]
&&
app
=
"app <application>"
ufw
prepend
<
blocktype
>
from
<
ip
>
to
<
destination
>
$
app
ss
-
K
dst
<
ip
>
conntrack
-
D
-
s
<
ip
>
||
true
actionunban
=
[
-n "<application>"
]
&&
app
=
"app <application>"
ufw
delete
<
blocktype
>
from
<
ip
>
to
<
destination
>
$
app
[
Init
]
#
Option
:
insertpos
#
Notes
.
:
The
position
number
in
the
firewall
list
to
insert
the
block
rule
insertpos
=
1
#
Option
:
blocktype
#
Notes
.
:
reject
or
deny
blocktype
=
reject
#
Option
:
destination
#
Notes
.
:
The
destination
address
to
block
in
the
ufw
rule
destination
=
any
#
Option
:
application
#
Notes
.
:
application
from
sudo
ufw
app
list
application
=
#
DEV
NOTES
:
#
#
Author
:
Guilhem
Lettron
#
Enhancements
:
Daniel
Black