# action file to allow loading of IP's from a text file to be blocked
# along with fail2ban.
# The file contains one IP or subnet per line, and may be placed
# anywhere on the system.
#
# This is a perversion of fail2ban's basic purpose, which is to dynamically
# add/remove IP's from IPTables, but it allows us to permenantly ban
# some really, really bad people
#
# example of file
# 172.104.94.112
# 190.40.235.20
# 190.4.51.122
# 210.186.135.78
# 39.45.148.0/24
#
# NOTE: I did not set it up to ignore comments, so you can't put comments
# into the file.
#
# Works on fail2ban v9


[INCLUDES]

before = iptables-common.conf


[Definition]

# what to do when fail2ban starts
# taken directly from the multiport ban script, with the last line
# inserted to load the IP file
# creates a chain, then loads all the IP's into it
actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
              <iptables> -I <chain> -p <protocol> -j f2b-<name>
              cat <filename> | while read IP; do <iptables> -I f2b-<name> 1 -s $IP -j DROP; done


# these actions are taken when fail2ban is shut down
# basically, destroys the chain
actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
             <iptables> -F f2b-<name>
             <iptables> -X f2b-<name>


actioncheck = 
actionban = 
actionunban = 

[Init]