132132
133133# Checking fail2ban support
134134if [ ! -z " $FIREWALL_EXTENSION " ]; then
135- chains=$( cat $VESTA /data/firewall/chains.conf 2> /dev/null)
136- fi
137- for chain in $chains ; do
138- eval $chain
139- if [[ " $PORT " =~ ,| -| : ]] ; then
140- port=" -m multiport --dports $PORT "
141- else
142- port=" --dport $PORT "
143- fi
144- echo " $iptables -I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN " > $tmp
145- bash $tmp
135+ for chain in $( cat $VESTA /data/firewall/chains.conf 2> /dev/null) ; do
136+ eval $chain
137+ if [[ " $PORT " =~ ,| -| : ]] ; then
138+ port=" -m multiport --dports $PORT "
139+ else
140+ port=" --dport $PORT "
141+ fi
142+ echo " $iptables -N fail2ban-$CHAIN " >> $tmp
143+ echo " $iptables -F fail2ban-$CHAIN " >> $tmp
144+ echo " $iptables -I fail2ban-$CHAIN -s 0.0.0.0/0 -j RETURN" >> $tmp
145+ echo " $iptables -I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN " >> $tmp
146+ done
147+ bash $tmp 2> /dev/null
146148 rm -f $tmp
147- done
149+
150+ for ban in $( cat $VESTA /data/firewall/banlist.conf 2> /dev/null) ; do
151+ eval $ban
152+ echo -n " $iptables -I fail2ban-$CHAIN 1 -s $IP " >> $tmp
153+ echo " -j REJECT --reject-with icmp-port-unreachable" >> $tmp
154+ done
155+ bash $tmp 2> /dev/null
156+ rm -f $tmp
157+ fi
148158
149159# Saving rules to the master iptables file
150160if [ -e " /etc/redhat-release" ]; then
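Review bot: In the new ban loop (new lines 150-156) each entry of banlist.conf goes through `eval`, and `$IP` and `$CHAIN` are then written unquoted into a script that `bash $tmp` executes, so a malformed or tampered entry is run as shell code instead of being rejected as a bad rule; the chains loop above does the same with `$PORT`, `$PROTOCOL` and `$CHAIN`. A guard before the two `echo` lines would contain this, for example `[[ "$IP" =~ ^[0-9./]+$ && "$CHAIN" =~ ^[A-Za-z0-9_-]+$ ]] || continue`, with a matching check in the chains loop. Separately, the first `rm -f $tmp` deletes the file and the second loop re-creates the same path with `>>`; `$tmp` is created outside this hunk, but if it sits in a shared directory the re-created file no longer has whatever guarantees its original creation gave, and replacing that `rm -f $tmp` with `: > $tmp` would empty the file without releasing the path. `bash $tmp 2> /dev/null` also hides rules that failed to load, so a ban that was never applied goes unnoticed; logging stderr or adding a comment on which errors are expected (presumably `-N` on an existing chain) would help.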