On 24/07/2015 14:08, Krigbaum, Larry E wrote:
> I'm sure this is too simple of a question, but I'm seeing fail2ban
> issue commands such as:
>
> iptables -D <chain> -p tcp --dport ssh -j f2b-SSH
> iptables -I <chain> -p tcp --dport ssh -j f2b-SSH
>
> where patterns such as:
>
> iptables -D <chain> -p <protocol> --dport <port> -j f2b-<name>
>
> are not being correctly parsed. I've been assuming that this is because
> 'chain' has not been correctly defined. I've spent hours searching the
> web and grepping the fail2ban directories but haven't located where that
> definition should take place. Where should chain be defined, or am I
> totally on the wrong track? Thanks.
Fail2ban's main configuration file is /etc/fail2ban/jail.conf, which can be
overridden by /etc/fail2ban/jail.local.
--
In these files, you can find variable definitions, such as:

chain = INPUT
banaction = iptables-multiport
--
There are also actions for specific jails, where parameters may be defined, e.g.:

action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
--
Finally, in the action files themselves, you often have default values for
parameters, in case these were not defined when specifying the action in
jail.conf/local. Here is for instance the relevant part of
/etc/fail2ban/action.d/iptables-multiport.conf:

[Init]
name = default
port = ssh
protocol = tcp
chain = INPUT

Those are the three places where values may be defined. Note however that
variables defined in jail.conf/jail.local cannot be used in action files
unless they are given to the latter as parameters.

HTH.
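The three-level lookup described in the reply, as an added Python example (not fail2ban's own code): the [Init] values and the command pattern are the ones quoted in the thread, while the `%(var)s` interpolation on the action line, which is how a jail variable such as `chain` gets handed to the action, is an assumption about fail2ban's config syntax modelled on Python's ConfigParser.

```python
import re

# Constructed stand-in for the [Init] section of
# /etc/fail2ban/action.d/iptables-multiport.conf quoted in the reply.
ACTION_INIT = {
    "iptables-multiport": {"name": "default", "port": "ssh",
                           "protocol": "tcp", "chain": "INPUT"},
}
# The command pattern from the question; the <tags> are the values being looked up.
BAN_TEMPLATE = "iptables -I <chain> -p <protocol> --dport <port> -j f2b-<name>"


def parse_action_line(line, jail_vars):
    """Parse 'name[k=v, k2="v2"]' into (name, params).  A value may contain
    %(var)s, which is filled from the jail section (jail.conf / jail.local)."""
    m = re.fullmatch(r"\s*([\w-]+)(?:\[(.*)\])?\s*", line)
    if not m:
        raise ValueError(f"unparseable action line: {line!r}")
    params = {}
    for key, val in re.findall(r'(\w+)\s*=\s*("[^"]*"|[^,\]]+)', m.group(2) or ""):
        val = val.strip().strip('"')
        val = re.sub(r"%\((\w+)\)s", lambda mm: jail_vars[mm.group(1)], val)
        params[key] = val
    return m.group(1), params


def resolve_tags(template, values):
    """Fill every <tag>; a tag with no value anywhere is an error rather than
    a literal '<chain>' left inside the iptables command."""
    missing = set(re.findall(r"<(\w+)>", template)) - set(values)
    if missing:
        raise KeyError(f"no value for tag(s): {sorted(missing)}")
    return re.sub(r"<(\w+)>", lambda m: values[m.group(1)], template)


def ban_command(action_line, jail_vars):
    """Action-line parameters override the action file's [Init] defaults;
    jail variables are only seen if the action line passes them along."""
    name, params = parse_action_line(action_line, jail_vars)
    return resolve_tags(BAN_TEMPLATE, {**ACTION_INIT[name], **params})


if __name__ == "__main__":
    jail = {"chain": "FORWARD", "__name__": "sshd"}  # constructed jail.local values
    # chain=FORWARD in the jail is ignored here: nothing passes it to the action.
    print(ban_command("iptables-multiport", jail))
    # Passing chain="%(chain)s" on the action line is what makes it reach the action.
    print(ban_command('iptables-multiport[name=%(__name__)s, port="22", chain="%(chain)s"]', jail))
```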
