added new options kill-mode and kill, which makes the drop of all…

… connections optional
fail2ban · May 6, 2021 · 8f6a8df · 8f6a8df
1 parent 5debaa4
commit 8f6a8df
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf
@@ -23,7 +23,7 @@ actionban = if [ -n "<application>" ] && ufw app info "<application>"
             else
               ufw <add> <blocktype> from <ip> to <destination> comment "<comment>"
             fi
-            ss -K dst [<ip>]
+            <kill>
 
 actionunban = if [ -n "<application>" ] && ufw app info "<application>"
               then
@@ -32,6 +32,21 @@ actionunban = if [ -n "<application>" ] && ufw app info "<application>"
                 ufw delete <blocktype> from <ip> to <destination>
               fi
 
+# Option: kill-mode
+# Notes.: can be set to ss (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
+# Example: banaction = ufw[kill-mode=ss]
+kill-mode =
+
+# intern conditional parameter used to provide killing mode after ban:
+_kill_ =
+_kill_ss = ss -K dst "[<ip>]"
+
+# Option: kill
+# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode
+# Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[<ip>]"']
+            banaction = ufw[kill='cutter "<ip>"']
+kill = <_kill_<kill-mode>>
+
 [Init]
 # Option: add
 # Notes.: can be set to "insert 1" to insert a rule at certain position (here 1):