From 8f6a8df3a45395620e434fd15b4ede694a1d00aa Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <serg.brester@sebres.de>
Date: Thu, 6 May 2021 21:47:06 +0200
Subject: [PATCH] added new options `kill-mode` and `kill`, which makes the
 drop of all connections optional

---
 config/action.d/ufw.conf | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf
index bf06fe679..cf8c22bec 100644
--- a/config/action.d/ufw.conf
+++ b/config/action.d/ufw.conf
@@ -23,7 +23,7 @@ actionban = if [ -n "<application>" ] && ufw app info "<application>"
             else
               ufw <add> <blocktype> from <ip> to <destination> comment "<comment>"
             fi
-            ss -K dst [<ip>]
+            <kill>
 
 actionunban = if [ -n "<application>" ] && ufw app info "<application>"
               then
@@ -32,6 +32,21 @@ actionunban = if [ -n "<application>" ] && ufw app info "<application>"
                 ufw delete <blocktype> from <ip> to <destination>
               fi
 
+# Option: kill-mode
+# Notes.: can be set to ss (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
+# Example: banaction = ufw[kill-mode=ss]
+kill-mode =
+
+# intern conditional parameter used to provide killing mode after ban:
+_kill_ =
+_kill_ss = ss -K dst "[<ip>]"
+
+# Option: kill
+# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode
+# Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[<ip>]"']
+            banaction = ufw[kill='cutter "<ip>"']
+kill = <_kill_<kill-mode>>
+
 [Init]
 # Option: add
 # Notes.: can be set to "insert 1" to insert a rule at certain position (here 1):