Merge pull request #64 from rook59/add-banaction-allports

Add support for custom allports banaction
Oefenweb · Dec 8, 2020 · eebcd2a · eebcd2a
2 parents 720e6d1 + ffaf40c
commit eebcd2a
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -24,6 +24,7 @@ None
 - `fail2ban_findtime`: [default: `600`]: A host is banned if it has generated `fail2ban_maxretry` during the last `fail2ban_findtime`
 - `fail2ban_backend`: [default: `auto`]: Specifies the backend used to get files modification
 - `fail2ban_banaction`: [default: `iptables-multiport`]: Sets the global/default banaction
+- `fail2ban_banaction_allports`: [default: `iptables-allports`]: Sets the global/default banaction for allports
 - `fail2ban_mta`: [default: `sendmail`]: Email action
 - `fail2ban_protocol`: [default: `tcp`]: Sets the default protocol
 - `fail2ban_chain`: [default: `INPUT`]: Specifies the chain where jumps would need to be added in iptables-* actions

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -19,6 +19,7 @@ fail2ban_findtime: 600
 fail2ban_backend: auto
 fail2ban_destemail: root@localhost
 fail2ban_banaction: iptables-multiport
+fail2ban_banaction_allports: iptables-allports
 fail2ban_mta: sendmail
 fail2ban_protocol: tcp
 fail2ban_chain: INPUT

diff --git a/templates/etc/fail2ban/jail.local.j2 b/templates/etc/fail2ban/jail.local.j2
@@ -40,6 +40,7 @@ sender = {{ fail2ban_sender }}
 # action_* variables. Can be overridden globally or per
 # section within jail.local file
 banaction = {{ fail2ban_banaction }}
+banaction_allports = {{ fail2ban_banaction_allports }}
 
 # email action. Since 0.8.1 upstream fail2ban uses sendmail
 # MTA for the mailing. Change mta configuration parameter to mail