Update page '9. UFW action file'
parent 3ce3284847
commit 689f3ef083

30  9.-UFW-action-file.md  Normal file
							| @ -0,0 +1,30 @@ | |||||||
|  | ## UFW action file (*action.d/ufw.conf*) | ||||||
|  | 
 | ||||||
|  | This is the file that tells F2B what commands to send to UFW to block and unblock a system.  You can see that the '*actionban*' and '*actionunban*' sections simply add and remove rules from UFW which drop/reject packets from the offending system.  I have only changed the '*blocktype*' from it's default (reject) to *deny*. | ||||||
|  | 
 | ||||||
|  | ```ini | ||||||
|  | # Option: blocktype | ||||||
|  | # Notes.: reject or deny | ||||||
|  | #blocktype = reject | ||||||
|  | blocktype = deny | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
|  | The important part of '*actionban*' works like this: | ||||||
|  | 
 | ||||||
|  | ```PHP | ||||||
|  | ufw insert <insertpos> <blocktype> from <ip> to <destination> | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
|  | The variables defined in the configuration file are summarized as: | ||||||
|  | 
 | ||||||
|  | ```Ini | ||||||
|  | [Init] | ||||||
|  | insertpos = 1 | ||||||
|  | blocktype = deny | ||||||
|  | destination = any | ||||||
|  | application = | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
|  | So, this rule adds a new rule (*insert*) at position 1 (*insertpos*) which denies (*blocktype*) packets from the offending system's IP (*ip*) destined for any address (which obviously includes this system).  Importantly, each rule is added at *position 1* which means they have priority over any other otherwise defined (i.e. allowed) traffic. | ||||||
|  | 
 | ||||||
|  | The '*actionunban*' simply deletes the rule to remove the block. | ||||||
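Review bot: The opening paragraph says '*blocktype*' was changed from reject to *deny* but never says why, and the page only describes the effect as "drop/reject packets". Add one sentence on the difference: with UFW, deny drops the packet silently while reject sends an error reply to the sender. In the same paragraph, "from it's default" should read "from its default". The '*actionban*' example is fenced as `PHP` although it is a shell command template, and the summary block is tagged `Ini` where the first block uses `ini`; use a shell tag for the former and one consistent spelling for the latter. The summary lists `application =` with an empty value, but the command shown has no application placeholder and the text never mentions it, so either explain what it does or drop it from the summary. Finally, "this rule adds a new rule" would read better as "this command inserts a new rule".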