9c3a82f628
Signed-off-by: Tom Eastep <teastep@shorewall.net>
#
# Shorewall - /usr/share/shorewall/action.BLACKLIST
#
# This action:
#
#     - Adds the sender to the dynamic blacklist ipset
#     - Optionally acts on the packet (default is DROP)
#
# Parameters:
#
#     1 - Action to take on the packet after adding the sender to the
#         ipset. Default is DROP. Pass -- if you don't want to take any
#         action.
#     2 - Timeout for ipset entry. Default is the timeout specified in
#         DYNAMIC_BLACKLIST or the one specified when the ipset was created.
#
# NOTE(review): the entry is keyed on the packet's source address (the
# 'src' flag in the ADD rules below), and a source address on a single
# packet is not proof of origin. Consider exempting management and other
# must-reach addresses ahead of any rule that invokes this action, and
# prefer a finite timeout so a wrong entry ages out -- confirm against the
# rules file that calls BLACKLIST.
#
###############################################################################
#
# Fail the compilation when $SW_DBL_IPSET is empty: every ADD rule below
# names that ipset, so the action has nothing to add to without it.
# (Presumably the variable is set from DYNAMIC_BLACKLIST -- verify.)
#
?if ! "$SW_DBL_IPSET"
? error The BLACKLIST action may only be used with ipset-based dynamic blacklisting
?endif

#
# Parameter defaults: 1 = DROP; 2 = '-' (presumably "no default", which is
# what lets the timeout fall-through below reach its second and third
# branches -- confirm).
#
DEFAULTS DROP,-

#ACTION SOURCE DEST PROTO DPORT SPORT
#
# Add to the blacklist
#
# Timeout precedence: an explicit parameter 2, then $SW_DBL_TIMEOUT, then
# no timeout on the ADD at all, which per the parameter description above
# leaves the lifetime to the one specified when the ipset was created.
# NOTE(review): if the set was created without a timeout, entries added by
# the last branch would presumably stay until removed by hand -- confirm.
#
?if passed(@2)
ADD($SW_DBL_IPSET:src:@2)
?elsif $SW_DBL_TIMEOUT
ADD($SW_DBL_IPSET:src:$SW_DBL_TIMEOUT)
?else
ADD($SW_DBL_IPSET:src)
?endif
#
# Dispose of the packet if asked
#
# Parameter 1 is emitted as the rule's action only when passed(@1) holds;
# with -- (see Parameters above) the sender is added to the ipset and the
# packet is left for later rules to decide.
#
?if passed(@1)
@1
?endif