Initial role commit

files/actions/ufw-docker.conf

@@ -0,0 +1,48 @@
+[Definition]
+
+actionstart = 
+
+actionstop = 
+
+actioncheck =
+
+actionban = ufw <add> <blocktype> from <ip> comment "<comment>"
+            ufw <add> <blocktype> out to <ip> comment "<comment>"
+            iptables -I DOCKER-USER 1 -s <ip> -j REJECT
+            <kill>
+            
+
+actionunban = ufw delete <blocktype> from <ip>
+              ufw delete <blocktype> out to <ip>
+              iptables -D DOCKER-USER -s <ip> -j REJECT
+
+
+# Option: kill-mode
+# Notes.: can be set to ss or conntrack (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
+# Example: banaction = ufw[kill-mode=ss]
+kill-mode =
+
+# intern conditional parameter used to provide killing mode after ban:
+_kill_ =
+_kill_ss = ss -K dst "[<ip>]"
+_kill_conntrack = conntrack -D -s "<ip>"
+
+# Option: kill
+# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode
+# Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[<ip>]"']
+#           banaction = ufw[kill='cutter "<ip>"']
+kill = <_kill_<kill-mode>>
+
+[Init]
+# Option: add
+# Notes.: can be set to "insert 1" to insert a rule at certain position (here 1):
+add = prepend
+
+# Option: blocktype
+# Notes.: reject or deny
+blocktype = deny
+
+# Option: comment
+# Notes.: comment for rule added by fail2ban
+comment = by Fail2Ban after <failures> attempts against <name>
+