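# Fail2Ban action: ban an address with ufw (inbound and outbound rules) and
# additionally in the iptables DOCKER-USER chain.
#
# NOTE(review): the <tag> placeholders (<ip>, <add>, <blocktype>, <comment>,
# <failures>, <name>, <kill-mode>) were missing from this listing, which left
# commands such as `ufw from comment ""`. They are restored here from the
# option names defined in this file and the standard Fail2Ban action tags.
# Compare against the deployed file before relying on this copy.

[Definition]

actionstart =

actionstop =

# NOTE(review): empty, so nothing verifies that ufw is enabled or that the
# DOCKER-USER chain exists before a ban is attempted. Docker creates that chain;
# if Docker is not running, the iptables line in actionban fails.
actioncheck =

# The first two lines block traffic from and to the banned address in ufw.
# The third line rejects it in DOCKER-USER, presumably because traffic to
# Docker-published ports is forwarded and is not covered by the ufw rules
# above -- confirm against the host's Docker/ufw setup.
# NOTE(review): `iptables` handles IPv4 only. For an IPv6 <ip> the third line
# fails and the container path stays open; an ip6tables equivalent is needed
# if the jail can ban IPv6 addresses.
# NOTE(review): REJECT is hard-coded here while <blocktype> defaults to deny,
# so the two paths answer a banned host differently.
# NOTE(review): <kill> is not referenced by actionban as shown, so kill-mode
# and kill below have no effect. It may have been lost together with the other
# tags; the stock ufw action invokes <kill> as the last line of actionban.
actionban = ufw <add> <blocktype> from <ip> comment "<comment>"
            ufw <add> <blocktype> out to <ip> comment "<comment>"
            iptables -I DOCKER-USER 1 -s <ip> -j REJECT

# Mirrors actionban: remove both ufw rules and the DOCKER-USER rule.
# The IPv4-only caveat on the iptables line applies here as well.
actionunban = ufw delete <blocktype> from <ip>
              ufw delete <blocktype> out to <ip>
              iptables -D DOCKER-USER -s <ip> -j REJECT

# Option: kill-mode
# Notes.: can be set to ss or conntrack (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
# Example: banaction = ufw[kill-mode=ss]
kill-mode =

# intern conditional parameter used to provide killing mode after ban:
_kill_ =
_kill_ss = ss -K dst "[<ip>]"
_kill_conntrack = conntrack -D -s "<ip>"

# Option: kill
# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode
# Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[<ip>]"']
#           banaction = ufw[kill='cutter "<ip>"']
kill = <_kill_<kill-mode>>

[Init]

# Option: add
# Notes.: can be set to "insert 1" to insert a rule at certain position (here 1):
add = prepend

# Option: blocktype
# Notes.: reject or deny
blocktype = deny

# Option: comment
# Notes.: comment for rule added by fail2ban
comment = by Fail2Ban after <failures> attempts against <name>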