diff options
| author | Duncan Bellamy <dunk@denkimushi.com> | 2023-03-08 09:29:03 +0000 |
|---|---|---|
| committer | Duncan Bellamy <dunk@denkimushi.com> | 2023-03-08 09:29:03 +0000 |
| commit | 9b1417a16912562f15b5e1e252f16d6b1360fa41 (patch) | |
| tree | ee019eb78421f5fabdad77f0b66c258ddd0e119b | |
| parent | b892133d516d1389a647a287a1a3b58e2eece65f (diff) | |
| download | fail2ban-9b1417a16912562f15b5e1e252f16d6b1360fa41.tar.gz | |
apply suggestions
| -rw-r--r-- | config/action.d/mikrotik.conf | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/config/action.d/mikrotik.conf b/config/action.d/mikrotik.conf index 96262587..30e9bac5 100644 --- a/config/action.d/mikrotik.conf +++ b/config/action.d/mikrotik.conf @@ -33,14 +33,14 @@ # from address list to server # # example extract from jail.local overriding some defaults -# action = mikrotik[mtikkeyfile="%(mkeyfile)s", mtikuser="%(muser)s", mtikhost="%(mhost)s", mtiklistname="%(mlistname)s"] +# action = mikrotik[keyfile="%(mkeyfile)s", user="%(muser)s", host="%(mhost)s", list="%(mlist)s"] # # ignoreip = 127.0.0.1/8 192.168.0.0/24 # mkeyfile = /etc/fail2ban/ssh/mykey_id_rsa # muser = myuser # mhost = 192.168.0.1 -# mlistname = BAD LIST +# mlist = BAD LIST [Definition] @@ -48,35 +48,35 @@ actionstart = actionstop = %(actionflush)s -actionflush = %(mtikcommand)s "/ip firewall address-list remove [find list=\"%(mtiklistname)s\" comment~\"%(startcomment)s-*\"]" +actionflush = %(command)s "/ip firewall address-list remove [find list=\"%(list)s\" comment~\"%(startcomment)s-*\"]" actioncheck = -actionban = %(mtikcommand)s "/ip firewall address-list add list=\"%(mtiklistname)s\" address=<ip> comment=%(mtikcomment)s" +actionban = %(command)s "/ip firewall address-list add list=\"%(list)s\" address=<ip> comment=%(comment)s" -actionunban = %(mtikcommand)s "/ip firewall address-list remove [find list=\"%(mtiklistname)s\" comment=%(mtikcomment)s]" +actionunban = %(command)s "/ip firewall address-list remove [find list=\"%(list)s\" comment=%(comment)s]" -mtikcommand = ssh -l %(mtikuser)s -p%(mtikport)s -i %(mtikkeyfile)s %(mtikhost)s +mtikcommand = ssh -l %(user)s -p%(port)s -i %(keyfile)s %(host)s -# Option: mktikuser +# Option: user # Notes.: username to use when connecting to routerOS mtikuser = -# Option: mtikport +# Option: port # Notes.: port to use when connecting to routerOS mtikport = 22 -# Option: mtikkeyfile +# Option: keyfile # Notes.: ssh private key to use for connecting to routerOS mtikkeyfile = -# Option: mtikhost +# Option: host # Notes.: hostname or ip of router mtikhost = -# Option: mtiklistname +# Option: list # Notes.: name of "address-list" to use on router -mtiklistname = Auto Fail2Ban +mtiklistname = Fail2Ban # Option: startcomment # Notes.: used as a prefix to all comments, and used to match for flushing rules startcomment = f2b-<name> -# Option: mtikcomment +# Option: comment # Notes.: comment to use on routerOS (must be unique as used for ip address removal) mtikcomment = %(startcomment)s-<ip> |