pkgs/raven-rhel6
1
0
Fork 0
Code Issues Pull Requests Wiki Activity
raven-rhel6/fail2ban/fail2ban-old-iptables.patch
Raven 8e3477b473 first commit
2024-02-21 20:14:44 +06:00

447 lines
27 KiB
Diff
Raw Permalink Blame History

diff -Naur a/config/action.d/iptables.conf b/config/action.d/iptables.conf
--- a/config/action.d/iptables.conf 2022-11-09 21:46:15.000000000 +0600
+++ b/config/action.d/iptables.conf 2023-10-19 18:28:48.120087718 +0600
@@ -139,12 +139,13 @@
# in iptables 1.4.20, so might be absent on older systems
# See https://github.com/fail2ban/fail2ban/issues/1122
# Values: STRING
-lockingopt = -w
+# lockingopt = -w
# Option: iptables
# Notes.: Actual command to be executed, including common to all calls options
# Values: STRING
-iptables = iptables <lockingopt>
+# iptables = iptables <lockingopt>
+iptables = iptables
[Init?family=inet6]
@@ -159,4 +160,5 @@
# Option: iptables (ipv6)
# Notes.: Actual command to be executed, including common to all calls options
# Values: STRING
-iptables = ip6tables <lockingopt>
+#iptables = ip6tables <lockingopt>
+iptables = ip6tables
diff -Naur a/fail2ban/tests/actiontestcase.py b/fail2ban/tests/actiontestcase.py
--- a/fail2ban/tests/actiontestcase.py 2022-11-09 21:46:15.000000000 +0600
+++ b/fail2ban/tests/actiontestcase.py 2023-10-19 18:46:47.308950813 +0600
@@ -92,8 +92,7 @@
('name', 'any'),
('bantime', '600'),
('ipsetfamily', 'inet'),
- ('iptables', 'iptables <lockingopt>'),
- ('lockingopt', '-w'),
+ ('iptables', 'iptables'),
('chain', 'INPUT'),
('actiontype', '<multiport>'),
('multiport', '-p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>'),
@@ -102,13 +101,12 @@
('blocktype', 'REJECT',),
))
), OrderedDict((
- ('actionstart', 'ipset create f2b-any hash:ip timeout 600 family inet\niptables -w -I INPUT -p tcp -m multiport --dports ssh -m set --match-set f2b-any src -j REJECT'),
+ ('actionstart', 'ipset create f2b-any hash:ip timeout 600 family inet\niptables -I INPUT -p tcp -m multiport --dports ssh -m set --match-set f2b-any src -j REJECT'),
('ipmset', 'f2b-any'),
('name', 'any'),
('bantime', '600'),
('ipsetfamily', 'inet'),
- ('iptables', 'iptables -w'),
- ('lockingopt', '-w'),
+ ('iptables', 'iptables'),
('chain', 'INPUT'),
('actiontype', '-p tcp -m multiport --dports ssh -m set --match-set f2b-any src -j REJECT'),
('multiport', '-p tcp -m multiport --dports ssh -m set --match-set f2b-any src -j REJECT'),
diff -Naur a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
--- a/fail2ban/tests/servertestcase.py 2022-11-09 21:46:15.000000000 +0600
+++ b/fail2ban/tests/servertestcase.py 2023-10-19 18:29:23.349860177 +0600
@@ -1495,46 +1495,46 @@
r"`done`",
),
'ip4-start': (
- "`{ iptables -w -C f2b-j-w-iptables-mp -j RETURN >/dev/null 2>&1; } || "
- "{ iptables -w -N f2b-j-w-iptables-mp || true; iptables -w -A f2b-j-w-iptables-mp -j RETURN; }`",
- "`{ iptables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp >/dev/null 2>&1; } || "
- "{ iptables -w -I INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp; }`",
+ "`{ iptables -C f2b-j-w-iptables-mp -j RETURN >/dev/null 2>&1; } || "
+ "{ iptables -N f2b-j-w-iptables-mp || true; iptables -A f2b-j-w-iptables-mp -j RETURN; }`",
+ "`{ iptables -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp >/dev/null 2>&1; } || "
+ "{ iptables -I INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp; }`",
),
'ip6-start': (
- "`{ ip6tables -w -C f2b-j-w-iptables-mp -j RETURN >/dev/null 2>&1; } || "
- "{ ip6tables -w -N f2b-j-w-iptables-mp || true; ip6tables -w -A f2b-j-w-iptables-mp -j RETURN; }`",
- "`{ ip6tables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp >/dev/null 2>&1; } || ",
- "{ ip6tables -w -I INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp; }`",
+ "`{ ip6tables -C f2b-j-w-iptables-mp -j RETURN >/dev/null 2>&1; } || "
+ "{ ip6tables -N f2b-j-w-iptables-mp || true; ip6tables -A f2b-j-w-iptables-mp -j RETURN; }`",
+ "`{ ip6tables -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp >/dev/null 2>&1; } || ",
+ "{ ip6tables -I INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp; }`",
),
'flush': (
- "`iptables -w -F f2b-j-w-iptables-mp`",
- "`ip6tables -w -F f2b-j-w-iptables-mp`",
+ "`iptables -F f2b-j-w-iptables-mp`",
+ "`ip6tables -F f2b-j-w-iptables-mp`",
),
'stop': (
- "`iptables -w -D INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`",
- "`iptables -w -F f2b-j-w-iptables-mp`",
- "`iptables -w -X f2b-j-w-iptables-mp`",
- "`ip6tables -w -D INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`",
- "`ip6tables -w -F f2b-j-w-iptables-mp`",
- "`ip6tables -w -X f2b-j-w-iptables-mp`",
+ "`iptables -D INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`",
+ "`iptables -F f2b-j-w-iptables-mp`",
+ "`iptables -X f2b-j-w-iptables-mp`",
+ "`ip6tables -D INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`",
+ "`ip6tables -F f2b-j-w-iptables-mp`",
+ "`ip6tables -X f2b-j-w-iptables-mp`",
),
'ip4-check': (
- r"""`iptables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`""",
+ r"""`iptables -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`""",
),
'ip6-check': (
- r"""`ip6tables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`""",
+ r"""`ip6tables -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`""",
),
'ip4-ban': (
- r"`iptables -w -I f2b-j-w-iptables-mp 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
+ r"`iptables -I f2b-j-w-iptables-mp 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
),
'ip4-unban': (
- r"`iptables -w -D f2b-j-w-iptables-mp -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
+ r"`iptables -D f2b-j-w-iptables-mp -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
),
'ip6-ban': (
- r"`ip6tables -w -I f2b-j-w-iptables-mp 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
+ r"`ip6tables -I f2b-j-w-iptables-mp 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
),
'ip6-unban': (
- r"`ip6tables -w -D f2b-j-w-iptables-mp -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
+ r"`ip6tables -D f2b-j-w-iptables-mp -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
),
}),
# iptables-allports --
@@ -1546,46 +1546,46 @@
r"`done`",
),
'ip4-start': (
- "`{ iptables -w -C f2b-j-w-iptables-ap -j RETURN >/dev/null 2>&1; } || "
- "{ iptables -w -N f2b-j-w-iptables-ap || true; iptables -w -A f2b-j-w-iptables-ap -j RETURN; }`",
- "`{ iptables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap >/dev/null 2>&1; } || ",
- "{ iptables -w -I INPUT -p $proto -j f2b-j-w-iptables-ap; }`",
+ "`{ iptables -C f2b-j-w-iptables-ap -j RETURN >/dev/null 2>&1; } || "
+ "{ iptables -N f2b-j-w-iptables-ap || true; iptables -A f2b-j-w-iptables-ap -j RETURN; }`",
+ "`{ iptables -C INPUT -p $proto -j f2b-j-w-iptables-ap >/dev/null 2>&1; } || ",
+ "{ iptables -I INPUT -p $proto -j f2b-j-w-iptables-ap; }`",
),
'ip6-start': (
- "`{ ip6tables -w -C f2b-j-w-iptables-ap -j RETURN >/dev/null 2>&1; } || "
- "{ ip6tables -w -N f2b-j-w-iptables-ap || true; ip6tables -w -A f2b-j-w-iptables-ap -j RETURN; }`",
- "`{ ip6tables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap >/dev/null 2>&1; } || ",
- "{ ip6tables -w -I INPUT -p $proto -j f2b-j-w-iptables-ap; }`",
+ "`{ ip6tables -C f2b-j-w-iptables-ap -j RETURN >/dev/null 2>&1; } || "
+ "{ ip6tables -N f2b-j-w-iptables-ap || true; ip6tables -A f2b-j-w-iptables-ap -j RETURN; }`",
+ "`{ ip6tables -C INPUT -p $proto -j f2b-j-w-iptables-ap >/dev/null 2>&1; } || ",
+ "{ ip6tables -I INPUT -p $proto -j f2b-j-w-iptables-ap; }`",
),
'flush': (
- "`iptables -w -F f2b-j-w-iptables-ap`",
- "`ip6tables -w -F f2b-j-w-iptables-ap`",
+ "`iptables -F f2b-j-w-iptables-ap`",
+ "`ip6tables -F f2b-j-w-iptables-ap`",
),
'stop': (
- "`iptables -w -D INPUT -p $proto -j f2b-j-w-iptables-ap`",
- "`iptables -w -F f2b-j-w-iptables-ap`",
- "`iptables -w -X f2b-j-w-iptables-ap`",
- "`ip6tables -w -D INPUT -p $proto -j f2b-j-w-iptables-ap`",
- "`ip6tables -w -F f2b-j-w-iptables-ap`",
- "`ip6tables -w -X f2b-j-w-iptables-ap`",
+ "`iptables -D INPUT -p $proto -j f2b-j-w-iptables-ap`",
+ "`iptables -F f2b-j-w-iptables-ap`",
+ "`iptables -X f2b-j-w-iptables-ap`",
+ "`ip6tables -D INPUT -p $proto -j f2b-j-w-iptables-ap`",
+ "`ip6tables -F f2b-j-w-iptables-ap`",
+ "`ip6tables -X f2b-j-w-iptables-ap`",
),
'ip4-check': (
- r"""`iptables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap`""",
+ r"""`iptables -C INPUT -p $proto -j f2b-j-w-iptables-ap`""",
),
'ip6-check': (
- r"""`ip6tables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap`""",
+ r"""`ip6tables -C INPUT -p $proto -j f2b-j-w-iptables-ap`""",
),
'ip4-ban': (
- r"`iptables -w -I f2b-j-w-iptables-ap 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
+ r"`iptables -I f2b-j-w-iptables-ap 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
),
'ip4-unban': (
- r"`iptables -w -D f2b-j-w-iptables-ap -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
+ r"`iptables -D f2b-j-w-iptables-ap -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
),
'ip6-ban': (
- r"`ip6tables -w -I f2b-j-w-iptables-ap 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
+ r"`ip6tables -I f2b-j-w-iptables-ap 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
),
'ip6-unban': (
- r"`ip6tables -w -D f2b-j-w-iptables-ap -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
+ r"`ip6tables -D f2b-j-w-iptables-ap -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
),
}),
# iptables-ipset-proto6 --
@@ -1598,31 +1598,31 @@
),
'ip4-start': (
"`ipset -exist create f2b-j-w-iptables-ipset hash:ip timeout 0 `",
- "`{ iptables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || "
- "{ iptables -w -I INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable; }`",
+ "`{ iptables -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || "
+ "{ iptables -I INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable; }`",
),
'ip6-start': (
"`ipset -exist create f2b-j-w-iptables-ipset6 hash:ip timeout 0 family inet6`",
- "`{ ip6tables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || "
- "{ ip6tables -w -I INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable; }`",
+ "`{ ip6tables -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || "
+ "{ ip6tables -I INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable; }`",
),
'flush': (
"`ipset flush f2b-j-w-iptables-ipset`",
"`ipset flush f2b-j-w-iptables-ipset6`",
),
'stop': (
- "`iptables -w -D INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable`",
+ "`iptables -D INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable`",
"`ipset flush f2b-j-w-iptables-ipset`",
"`ipset destroy f2b-j-w-iptables-ipset`",
- "`ip6tables -w -D INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`",
+ "`ip6tables -D INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`",
"`ipset flush f2b-j-w-iptables-ipset6`",
"`ipset destroy f2b-j-w-iptables-ipset6`",
),
'ip4-check': (
- r"""`iptables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable`""",
+ r"""`iptables -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable`""",
),
'ip6-check': (
- r"""`ip6tables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`""",
+ r"""`ip6tables -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`""",
),
'ip4-ban': (
r"`ipset -exist add f2b-j-w-iptables-ipset 192.0.2.1 timeout 0`",
@@ -1647,31 +1647,31 @@
),
'ip4-start': (
"`ipset -exist create f2b-j-w-iptables-ipset-ap hash:ip timeout 0 `",
- "`{ iptables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || "
- "{ iptables -w -I INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable; }",
+ "`{ iptables -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || "
+ "{ iptables -I INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable; }",
),
'ip6-start': (
"`ipset -exist create f2b-j-w-iptables-ipset-ap6 hash:ip timeout 0 family inet6`",
- "`{ ip6tables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || "
- "{ ip6tables -w -I INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable; }",
+ "`{ ip6tables -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || "
+ "{ ip6tables -I INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable; }",
),
'flush': (
"`ipset flush f2b-j-w-iptables-ipset-ap`",
"`ipset flush f2b-j-w-iptables-ipset-ap6`",
),
'stop': (
- "`iptables -w -D INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`",
+ "`iptables -D INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`",
"`ipset flush f2b-j-w-iptables-ipset-ap`",
"`ipset destroy f2b-j-w-iptables-ipset-ap`",
- "`ip6tables -w -D INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`",
+ "`ip6tables -D INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`",
"`ipset flush f2b-j-w-iptables-ipset-ap6`",
"`ipset destroy f2b-j-w-iptables-ipset-ap6`",
),
'ip4-check': (
- r"""`iptables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`""",
+ r"""`iptables -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`""",
),
'ip6-check': (
- r"""`ip6tables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`""",
+ r"""`ip6tables -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`""",
),
'ip4-ban': (
r"`ipset -exist add f2b-j-w-iptables-ipset-ap 192.0.2.1 timeout 0`",
@@ -1695,46 +1695,46 @@
"`done`",
),
'ip4-start': (
- "`{ iptables -w -C f2b-j-w-iptables -j RETURN >/dev/null 2>&1; } || "
- "{ iptables -w -N f2b-j-w-iptables || true; iptables -w -A f2b-j-w-iptables -j RETURN; }",
- "`{ iptables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables >/dev/null 2>&1; } || "
- "{ iptables -w -I INPUT -p $proto --dport http -j f2b-j-w-iptables; }`",
+ "`{ iptables -C f2b-j-w-iptables -j RETURN >/dev/null 2>&1; } || "
+ "{ iptables -N f2b-j-w-iptables || true; iptables -A f2b-j-w-iptables -j RETURN; }",
+ "`{ iptables -C INPUT -p $proto --dport http -j f2b-j-w-iptables >/dev/null 2>&1; } || "
+ "{ iptables -I INPUT -p $proto --dport http -j f2b-j-w-iptables; }`",
),
'ip6-start': (
- "`{ ip6tables -w -C f2b-j-w-iptables -j RETURN >/dev/null 2>&1; } || "
- "{ ip6tables -w -N f2b-j-w-iptables || true; ip6tables -w -A f2b-j-w-iptables -j RETURN; }",
- "`{ ip6tables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables >/dev/null 2>&1; } || "
- "{ ip6tables -w -I INPUT -p $proto --dport http -j f2b-j-w-iptables; }`",
+ "`{ ip6tables -C f2b-j-w-iptables -j RETURN >/dev/null 2>&1; } || "
+ "{ ip6tables -N f2b-j-w-iptables || true; ip6tables -A f2b-j-w-iptables -j RETURN; }",
+ "`{ ip6tables -C INPUT -p $proto --dport http -j f2b-j-w-iptables >/dev/null 2>&1; } || "
+ "{ ip6tables -I INPUT -p $proto --dport http -j f2b-j-w-iptables; }`",
),
'flush': (
- "`iptables -w -F f2b-j-w-iptables`",
- "`ip6tables -w -F f2b-j-w-iptables`",
+ "`iptables -F f2b-j-w-iptables`",
+ "`ip6tables -F f2b-j-w-iptables`",
),
'stop': (
- "`iptables -w -D INPUT -p $proto --dport http -j f2b-j-w-iptables`",
- "`iptables -w -F f2b-j-w-iptables`",
- "`iptables -w -X f2b-j-w-iptables`",
- "`ip6tables -w -D INPUT -p $proto --dport http -j f2b-j-w-iptables`",
- "`ip6tables -w -F f2b-j-w-iptables`",
- "`ip6tables -w -X f2b-j-w-iptables`",
+ "`iptables -D INPUT -p $proto --dport http -j f2b-j-w-iptables`",
+ "`iptables -F f2b-j-w-iptables`",
+ "`iptables -X f2b-j-w-iptables`",
+ "`ip6tables -D INPUT -p $proto --dport http -j f2b-j-w-iptables`",
+ "`ip6tables -F f2b-j-w-iptables`",
+ "`ip6tables -X f2b-j-w-iptables`",
),
'ip4-check': (
- r"""`iptables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables`""",
+ r"""`iptables -C INPUT -p $proto --dport http -j f2b-j-w-iptables`""",
),
'ip6-check': (
- r"""`ip6tables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables`""",
+ r"""`ip6tables -C INPUT -p $proto --dport http -j f2b-j-w-iptables`""",
),
'ip4-ban': (
- r"`iptables -w -I f2b-j-w-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
+ r"`iptables -I f2b-j-w-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
),
'ip4-unban': (
- r"`iptables -w -D f2b-j-w-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
+ r"`iptables -D f2b-j-w-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
),
'ip6-ban': (
- r"`ip6tables -w -I f2b-j-w-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
+ r"`ip6tables -I f2b-j-w-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
),
'ip6-unban': (
- r"`ip6tables -w -D f2b-j-w-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
+ r"`ip6tables -D f2b-j-w-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
),
}),
# iptables-new --
@@ -1746,72 +1746,72 @@
"`done`",
),
'ip4-start': (
- "`{ iptables -w -C f2b-j-w-iptables-new -j RETURN >/dev/null 2>&1; } || "
- "{ iptables -w -N f2b-j-w-iptables-new || true; iptables -w -A f2b-j-w-iptables-new -j RETURN; }`",
- "`{ iptables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new >/dev/null 2>&1; } || "
- "{ iptables -w -I INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new; }`",
+ "`{ iptables -C f2b-j-w-iptables-new -j RETURN >/dev/null 2>&1; } || "
+ "{ iptables -N f2b-j-w-iptables-new || true; iptables -A f2b-j-w-iptables-new -j RETURN; }`",
+ "`{ iptables -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new >/dev/null 2>&1; } || "
+ "{ iptables -I INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new; }`",
),
'ip6-start': (
- "`{ ip6tables -w -C f2b-j-w-iptables-new -j RETURN >/dev/null 2>&1; } || "
- "{ ip6tables -w -N f2b-j-w-iptables-new || true; ip6tables -w -A f2b-j-w-iptables-new -j RETURN; }`",
- "`{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new >/dev/null 2>&1; } || "
- "{ ip6tables -w -I INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new; }`",
+ "`{ ip6tables -C f2b-j-w-iptables-new -j RETURN >/dev/null 2>&1; } || "
+ "{ ip6tables -N f2b-j-w-iptables-new || true; ip6tables -A f2b-j-w-iptables-new -j RETURN; }`",
+ "`{ ip6tables -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new >/dev/null 2>&1; } || "
+ "{ ip6tables -I INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new; }`",
),
'flush': (
- "`iptables -w -F f2b-j-w-iptables-new`",
- "`ip6tables -w -F f2b-j-w-iptables-new`",
+ "`iptables -F f2b-j-w-iptables-new`",
+ "`ip6tables -F f2b-j-w-iptables-new`",
),
'stop': (
- "`iptables -w -D INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`",
- "`iptables -w -F f2b-j-w-iptables-new`",
- "`iptables -w -X f2b-j-w-iptables-new`",
- "`ip6tables -w -D INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`",
- "`ip6tables -w -F f2b-j-w-iptables-new`",
- "`ip6tables -w -X f2b-j-w-iptables-new`",
+ "`iptables -D INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`",
+ "`iptables -F f2b-j-w-iptables-new`",
+ "`iptables -X f2b-j-w-iptables-new`",
+ "`ip6tables -D INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`",
+ "`ip6tables -F f2b-j-w-iptables-new`",
+ "`ip6tables -X f2b-j-w-iptables-new`",
),
'ip4-check': (
- r"""`iptables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`""",
+ r"""`iptables -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`""",
),
'ip6-check': (
- r"""`ip6tables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`""",
+ r"""`ip6tables -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`""",
),
'ip4-ban': (
- r"`iptables -w -I f2b-j-w-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
+ r"`iptables -I f2b-j-w-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
),
'ip4-unban': (
- r"`iptables -w -D f2b-j-w-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
+ r"`iptables -D f2b-j-w-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`",
),
'ip6-ban': (
- r"`ip6tables -w -I f2b-j-w-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
+ r"`ip6tables -I f2b-j-w-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
),
'ip6-unban': (
- r"`ip6tables -w -D f2b-j-w-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
+ r"`ip6tables -D f2b-j-w-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`",
),
}),
# iptables-xt_recent-echo --
('j-w-iptables-xtre', 'iptables-xt_recent-echo[name=%(__name__)s, bantime="10m", chain="<known/chain>"]', {
'ip4': ('`iptables ', '/f2b-j-w-iptables-xtre`'), 'ip6': ('`ip6tables ', '/f2b-j-w-iptables-xtre6`'),
'ip4-start': (
- "`{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable; }`",
+ "`{ iptables -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -I INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable; }`",
),
'ip6-start': (
- "`{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable; }`",
+ "`{ ip6tables -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -I INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable; }`",
),
'stop': (
"`echo / > /proc/net/xt_recent/f2b-j-w-iptables-xtre`",
"`if [ `id -u` -eq 0 ];then`",
- "`iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable;`",
+ "`iptables -D INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable;`",
"`fi`",
"`echo / > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`",
"`if [ `id -u` -eq 0 ];then`",
- "`ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable;`",
+ "`ip6tables -D INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable;`",
"`fi`",
),
'ip4-check': (
- r"`{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable; } && test -e /proc/net/xt_recent/f2b-j-w-iptables-xtre`",
+ r"`{ iptables -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable; } && test -e /proc/net/xt_recent/f2b-j-w-iptables-xtre`",
),
'ip6-check': (
- r"`{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable; } && test -e /proc/net/xt_recent/f2b-j-w-iptables-xtre6`",
+ r"`{ ip6tables -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable; } && test -e /proc/net/xt_recent/f2b-j-w-iptables-xtre6`",
),
'ip4-ban': (
r"`echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-w-iptables-xtre`",
Reference in New Issue View Git Blame Copy Permalink