
CentOS/RHEL 8 fix

- Fix fail2ban rules for nftables on CentOS/RHEL 8
hwdsl2 2020-07-02 17:52:13 -05:00
parent 012c19fed1
commit 8283bdb32f


@ -381,15 +381,26 @@ net.ipv4.tcp_wmem = 10240 87380 12582912
EOF EOF
fi fi
if [ ! -f /etc/fail2ban/jail.local ] ; then F2B_FILE="/etc/fail2ban/jail.local"
if [ ! -f "$F2B_FILE" ]; then
bigecho "Creating basic Fail2Ban rules..." bigecho "Creating basic Fail2Ban rules..."
cat > /etc/fail2ban/jail.local <<'EOF' cat > "$F2B_FILE" <<'EOF'
[ssh-iptables] [ssh-iptables]
enabled = true enabled = true
filter = sshd filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp] logpath = /var/log/secure
logpath = /var/log/secure
EOF EOF
if [ "$use_nft" = "1" ]; then
cat >> "$F2B_FILE" <<'EOF'
port = ssh
banaction = nftables-multiport[blocktype=drop]
EOF
else
cat >> "$F2B_FILE" <<'EOF'
action = iptables[name=SSH, port=ssh, protocol=tcp]
EOF
fi
fi fi
bigecho "Updating IPTables rules..." bigecho "Updating IPTables rules..."