This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
сервис_fail2ban [2020/09/16 13:07] val [Сервис Fail2ban] |
сервис_fail2ban [2020/11/18 20:17] val [Блокировка через cisco acl] |
||
---|---|---|---|
Line 67: | Line 67: | ||
# cat /etc/fail2ban/filter.d/cisco-change-config.conf | # cat /etc/fail2ban/filter.d/cisco-change-config.conf | ||
</code><code> | </code><code> | ||
- | [INCLUDES] | ||
- | |||
[Definition] | [Definition] | ||
Line 100: | Line 98: | ||
# cat /etc/fail2ban/filter.d/snort_filter.conf | # cat /etc/fail2ban/filter.d/snort_filter.conf | ||
</code><code> | </code><code> | ||
- | [INCLUDES] | ||
- | |||
[Definition] | [Definition] | ||
failregex = .*snort.*Priority: 1.*} <HOST>.* | failregex = .*snort.*Priority: 1.*} <HOST>.* | ||
# .*snort.*Priority: 2.*} <HOST>.* | # .*snort.*Priority: 2.*} <HOST>.* | ||
- | |||
- | ignoreregex = | ||
</code> | </code> | ||
Line 176: | Line 170: | ||
actionban = /root/cisco-change-firewall.sh | actionban = /root/cisco-change-firewall.sh | ||
- | actionunban = /root/cisco-change-firewall.sh | + | # f2b bug |
+ | actionunban = echo /root/cisco-change-firewall.sh | at now + 1 min | ||
</code> | </code> | ||