One Hat Cyber Team

Your IP : 3.17.159.222

Server IP : 104.21.96.1

Server : Linux agrigation-prod 5.15.0-67-generic #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023 x86_64

Server Software : nginx/1.24.0

PHP Version : 7.4.33

Buat File | Buat Folder

Dir : ~/etc/fail2ban/action.d/

Edit File: firewallcmd-allports.conf

# Fail2Ban configuration file
#
# Author: Donald Yandt 
# Because of the --remove-rules in stop this action requires firewalld-0.3.8+

[INCLUDES]

before = firewallcmd-common.conf

[Definition]

actionstart = firewall-cmd --direct --add-chain <family> filter f2b-<name>
              firewall-cmd --direct --add-rule <family> filter f2b-<name> 1000 -j RETURN
              firewall-cmd --direct --add-rule <family> filter <chain> 0 -j f2b-<name>

actionstop = firewall-cmd --direct --remove-rule <family> filter <chain> 0 -j f2b-<name>
             firewall-cmd --direct --remove-rules <family> filter f2b-<name>
             firewall-cmd --direct --remove-chain <family> filter f2b-<name>

# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-recidive$'

actioncheck = firewall-cmd --direct --get-chains <family> filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'

actionban = firewall-cmd --direct --add-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>

actionunban = firewall-cmd --direct --remove-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>

# DEV NOTES:
#
# Author: Donald Yandt 
# Uses "FirewallD" instead of the "iptables daemon".
#
#
# Output:

# actionstart:
# $ firewall-cmd --direct --add-chain ipv4 filter f2b-recidive
# success
# $ firewall-cmd --direct --add-rule ipv4 filter f2b-recidive 1000 -j RETURN
# success
# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-recidive
# success