## Version 2023/02/16
#
# Fail2Ban action configuration for OPNsense
# Author: https://linuxserver.io/
#
# Please ensure jail.local permissions are secure (640) as it contains your OPNsense API key
#
# OPNsense API Key/Secret guide: https://docs.opnsense.org/development/how-tos/api.html
#
# This action maintains an OPNsense HOST group alias.
#
# Configure OPNsense with:
# A correctly named empty HOST group alias.
# An associated firewall rule.
#
# In most instances the OPNsense rule will likely take the form of an INBOUND WAN DROP, but specifics are left to user discretion.
#
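# WARNING: This action allows connections to default OPNsense installs deployed with self signed TLS certificates.
# While `allow_insecure` is `true`, curl runs with `-k` and does not verify the firewall's certificate, so the API key and
# secret sent with every request are exposed to anyone able to intercept the connection.
# If required disable this by setting `allow_insecure = false` in your `jail.local`
#
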
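[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
#actionstart =

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
#actionstop =

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
#actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
#          POSTs {"address":"<ip>"} to the alias_util/add endpoint for <alias>,
#          authenticating with <key>:<secret> through curl's -u option.
#          --fail makes curl exit non-zero on an HTTP error response (for
#          example rejected credentials), so Fail2Ban reports the ban as failed
#          instead of treating it as applied; -S keeps curl's error message
#          visible despite -s.
#          The key and secret are substituted into the command line: they can
#          show up in process listings while curl runs, and Fail2Ban may write
#          the failing command to its log. Keep that log as restricted as
#          jail.local.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = curl <_allow_insecure> -sS --fail -u "<key>":"<secret>" -H "Content-Type: application/json" -d '{"address":"<ip>"}' https://<firewall>/api/firewall/alias_util/add/<alias>

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
#          Same request as actionban, sent to the alias_util/delete endpoint;
#          the same curl options and credential-handling caveats apply.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = curl <_allow_insecure> -sS --fail -u "<key>":"<secret>" -H "Content-Type: application/json" -d '{"address":"<ip>"}' https://<firewall>/api/firewall/alias_util/delete/<alias>

# Internal variable handler for `allow_insecure`
# Expands to a shell command substitution that prints ' -k ' only when
# allow_insecure is exactly the lowercase string true; any other value
# (false, True, yes, 1, empty) prints nothing, so curl verifies the
# firewall's TLS certificate.
_allow_insecure = $(if [ '<allow_insecure>' = true ]; then echo ' -k '; else echo ''; fi;)
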
[Init]

# Defaults for the tags used by actionban/actionunban. The empty values are
# placeholders; the header of this file expects the real ones in jail.local.

# Option:  alias
# Notes.:  Name of the OPNsense HOST group alias that banned IPs are added to
#          and deleted from.
# Values:  [ STRING ]
#
alias =

# Option:  firewall
# Notes.:  IP address or DNS name of the OPNsense firewall. Used as the host
#          part of the https:// API URL.
# Values:  [ STRING ]
#
firewall =

# Option:  key
# Notes.:  OPNsense API key, passed to curl as the user name of -u.
#          Consider issuing it for a dedicated OPNsense user that holds only
#          the privileges this action needs.
# Values:  [ STRING ]
#
key =

# Option:  secret
# Notes.:  OPNsense API secret, passed to curl as the password of -u.
# Values:  [ STRING ]
#
secret =

# Option:  allow_insecure
# Notes.:  true  -> curl is run with -k and accepts any TLS certificate, which
#                   is what lets the action reach a default OPNsense install
#                   with a self signed certificate. The key and secret are then
#                   sent without verifying who receives them.
#          false -> curl verifies the firewall's certificate. Prefer this once
#                   the firewall presents a certificate the Fail2Ban host trusts.
#          Only the exact lowercase value true enables -k.
# Values:  [ BOOLEAN ]
#
allow_insecure = true