#
# Shorewall - /usr/share/shorewall/action.BLACKLIST
#
# This action:
#
#   - Adds the sender (the packet's source address, per the 'src' flag in
#     the ADD rules below) to the dynamic blacklist ipset named by
#     $SW_DBL_IPSET
#   - Optionally acts on the packet (default is DROP)
#
# Parameters:
#
#   1 - Action to take on the packet after its sender has been added to the
#       ipset. Default is DROP.
#       Pass -- if you don't want to take any action.
#   2 - Timeout for ipset entry. Default is the timeout specified in
#       DYNAMIC_BLACKLIST or the one specified when the ipset was created.
#
# NOTE(review): the entry is keyed on the source address alone. A rule that
# invokes this action on traffic whose source address is not verified
# (for example a single connectionless packet) can end up blacklisting an
# address the real sender does not own. Prefer invoking it from rules
# whose match already implies a genuine peer, keep the timeout finite,
# and make sure management addresses cannot be locked out -- confirm
# against the rules that call this action.
#
###############################################################################
#
# Refuse to compile when no dynamic-blacklist ipset name is set: every ADD
# rule below needs $SW_DBL_IPSET as its target set.
#
?if ! "$SW_DBL_IPSET"
? error The BLACKLIST action may only be used with ipset-based dynamic blacklisting
?endif

#
# Parameter defaults: 1 = DROP, 2 = '-' (no timeout passed).
#
DEFAULTS DROP,-

#ACTION SOURCE DEST PROTO DPORT SPORT
#
# Add to the blacklist
#
# Timeout precedence: an explicit second parameter wins, then
# $SW_DBL_TIMEOUT; otherwise no timeout is given in the rule and, per the
# header above, the one specified when the ipset was created applies.
#
?if passed(@2)
ADD($SW_DBL_IPSET:src:@2)
?elsif $SW_DBL_TIMEOUT
ADD($SW_DBL_IPSET:src:$SW_DBL_TIMEOUT)
?else
ADD($SW_DBL_IPSET:src)
?endif
#
# Dispose of the packet if asked
#
# When the first parameter is not passed (the caller gave --), no rule is
# emitted here, so this action adds the sender without deciding the fate of
# the current packet.
#
?if passed(@1)
@1
?endif