From 8f6a8df3a45395620e434fd15b4ede694a1d00aa Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <serg.brester@sebres.de>
Date: Thu, 6 May 2021 21:47:06 +0200
Subject: [PATCH] added new options `kill-mode` and `kill`, which makes the
drop of all connections optional
---
config/action.d/ufw.conf | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf
index bf06fe679..cf8c22bec 100644
--- a/config/action.d/ufw.conf
+++ b/config/action.d/ufw.conf
@@ -23,7 +23,7 @@ actionban = if [ -n "<application>" ] && ufw app info "<application>"
else
ufw <add> <blocktype> from <ip> to <destination> comment "<comment>"
fi
- ss -K dst [<ip>]
+ <kill>
actionunban = if [ -n "<application>" ] && ufw app info "<application>"
then
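Review bot: The default behaviour of actionban changes at `+ <kill>`: `kill-mode` in the second hunk defaults to empty, so `<kill>` expands to nothing and a freshly banned address presumably keeps any connections it already has open until they close on their own, whereas the removed `ss -K dst [<ip>]` tore them down unconditionally. Since the commit message only says the drop becomes "optional", the opt-out default should be stated where users will see it, e.g. in the kill-mode notes: `# Notes.: ... default empty (no kill): connections the banned IP already holds open are not terminated unless kill-mode=ss is set`, and a changelog line for the same. The actionban definition starts before this hunk.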
@@ -32,6 +32,21 @@ actionunban = if [ -n "<application>" ] && ufw app info "<application>"
ufw delete <blocktype> from <ip> to <destination>
fi
+# Option: kill-mode
+# Notes.: can be set to ss (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
+# Example: banaction = ufw[kill-mode=ss]
+kill-mode =
+
+# intern conditional parameter used to provide killing mode after ban:
+_kill_ =
+_kill_ss = ss -K dst "[<ip>]"
+
+# Option: kill
+# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode
+# Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[<ip>]"']
+ banaction = ufw[kill='cutter "<ip>"']
+kill = <_kill_<kill-mode>>
+
[Init]
# Option: add
# Notes.: can be set to "insert 1" to insert a rule at certain position (here 1):
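Review bot: `kill = <_kill_<kill-mode>>` only resolves for the two values this hunk defines (`_kill_` for empty and `_kill_ss`), so a typo such as `kill-mode=sss` yields a tag `<_kill_sss>` that has no definition; whether the substitution step rejects that or lets the literal text reach the shell line of actionban I have not verified, but neither outcome is signalled to the user by the notes as written. The notes should name the accepted set explicitly, e.g. `# Notes.: allowed values: empty (no kill) or ss; any other value has no matching _kill_<mode> definition and is a configuration error`. Two smaller documentation points: `_kill_ss` now quotes the address as `"[<ip>]"` where the removed line used bare `[<ip>]`, and a short comment that the brackets are the ss filter syntax for an address would spare the next reader a guess; and `# intern conditional parameter` reads better as `# internal conditional parameter`.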