okay thank you for your explanation
On 08-Mar-11 19:43, Toma Bogdan wrote:
Hello,
If your system have shorewall as firewall solution management
we get 'action' statement from /etc/fail2ban/jail.conf
-------------------
[qmail-pop3]
enable = true
filter = qmail-pop3
action = shorewall
sendmail[name="Qmail Pop3 user fail",
dest=y...@yourdomain.com]
logpath = /path/to/logfile
maxretry = 3
bantime = 600
-----------------------
now action refer to a file from
/etc/fail2ban/action.d
shorewall.conf ( as shorewall from action line above )
and
sendmail.conf ( as sendmail from action line above )
where we have:
shorewall.conf
---------------
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = shorewall drop <ip>
actionunban = shorewall allow <ip>
-------------
and
sendmail.conf
---------------------------------------
[Definition]
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
actioncheck =
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
actionunban = printf %%b "Subject: [Fail2Ban] <name>: unbanned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been unbanned by Fail2Ban
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender>
<dest>