daily autocommit

diff --git a/.etckeeper b/.etckeeper
index 085140b213f273450d7062a52e63f4b368f1bc1d..910e6e8dc37fa782ef060367a764dba769d0f3be 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -1780,6 +1780,8 @@ maybe chmod 0644 'systemd/resolved.conf'
 maybe chmod 0755 'systemd/system'
 maybe chmod 0644 'systemd/system.conf'
 maybe chmod 0755 'systemd/system/default.target.wants'
+maybe chmod 0755 'systemd/system/fail2ban.service.d'
+maybe chmod 0644 'systemd/system/fail2ban.service.d/netfilter.conf'
 maybe chmod 0755 'systemd/system/getty.target.wants'
 maybe chmod 0755 'systemd/system/getty@.service.d'
 maybe chmod 0644 'systemd/system/getty@.service.d/noclear.conf'

diff --git a/iptables/rules.v4 b/iptables/rules.v4
index 7fac94fd5725b071d7b1168bf902305ef65dc232..c8b1321794d8e629e1ec81848833db43c0b0a75d 100644 (file)
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,26 +1,10 @@
-# Generated by iptables-save v1.6.0 on Wed Apr 17 10:32:49 2019
+# Generated by iptables-save v1.6.0 on Mon May 27 11:41:44 2019
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [151:34894]
-:f2b-apache - [0:0]
-:f2b-apache-modsecurity - [0:0]
-:f2b-apache-nohome - [0:0]
-:f2b-apache-noscript - [0:0]
-:f2b-apache-overflows - [0:0]
-:f2b-postfix - [0:0]
-:f2b-ssh - [0:0]
-:f2b-sshd - [0:0]
+:OUTPUT ACCEPT [79:11463]
 :icinga2 - [0:0]
 :rejects - [0:0]
--A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
--A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
--A INPUT -p tcp -m multiport --dports 0:65535 -j f2b-sshd
--A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-nohome
--A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
--A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-overflows
--A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-noscript
--A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache
 -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
@@ -36,57 +20,6 @@
 -A INPUT -j rejects
 -A INPUT -p tcp -m multiport --dports 445 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
--A f2b-apache -j RETURN
--A f2b-apache -j RETURN
--A f2b-apache -j RETURN
--A f2b-apache -j RETURN
--A f2b-apache -j RETURN
--A f2b-apache-modsecurity -j RETURN
--A f2b-apache-modsecurity -j RETURN
--A f2b-apache-modsecurity -j RETURN
--A f2b-apache-modsecurity -j RETURN
--A f2b-apache-modsecurity -j RETURN
--A f2b-apache-nohome -j RETURN
--A f2b-apache-nohome -j RETURN
--A f2b-apache-nohome -j RETURN
--A f2b-apache-nohome -j RETURN
--A f2b-apache-nohome -j RETURN
--A f2b-apache-noscript -j RETURN
--A f2b-apache-noscript -j RETURN
--A f2b-apache-noscript -j RETURN
--A f2b-apache-noscript -j RETURN
--A f2b-apache-noscript -j RETURN
--A f2b-apache-overflows -j RETURN
--A f2b-apache-overflows -j RETURN
--A f2b-apache-overflows -j RETURN
--A f2b-apache-overflows -j RETURN
--A f2b-apache-overflows -j RETURN
--A f2b-postfix -j RETURN
--A f2b-postfix -j RETURN
--A f2b-postfix -j RETURN
--A f2b-postfix -j RETURN
--A f2b-postfix -j RETURN
--A f2b-ssh -s 58.242.83.39/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 58.242.83.38/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 34.220.15.156/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 40.73.0.32/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 132.232.18.180/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 160.120.130.219/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 119.29.197.54/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 91.234.24.6/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 45.55.20.128/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 212.64.0.80/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -s 58.242.83.8/32 -j REJECT --reject-with icmp-port-unreachable
--A f2b-ssh -j RETURN
--A f2b-ssh -j RETURN
--A f2b-ssh -j RETURN
--A f2b-ssh -j RETURN
--A f2b-ssh -j RETURN
--A f2b-sshd -j RETURN
--A f2b-sshd -j RETURN
--A f2b-sshd -j RETURN
--A f2b-sshd -j RETURN
--A f2b-sshd -j RETURN
 -A icinga2 -s 185.102.95.107/32 -j ACCEPT
 -A icinga2 -s 162.254.24.33/32 -j ACCEPT
 -A icinga2 -s 185.48.118.128/32 -j ACCEPT
@@ -105,4 +38,4 @@
 -A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
 -A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
 COMMIT
-# Completed on Wed Apr 17 10:32:49 2019
+# Completed on Mon May 27 11:41:44 2019

diff --git a/iptables/rules.v6 b/iptables/rules.v6
index 32f866f8cd8333457c3378042263934db60f17df..2e61329a68ccd20a90b4c3d6d85ec9dd17eea872 100644 (file)
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,8 +1,8 @@
-# Generated by ip6tables-save v1.6.0 on Wed Apr 17 10:32:49 2019
+# Generated by ip6tables-save v1.6.0 on Mon May 27 11:41:44 2019
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [863770:361407270]
+:OUTPUT ACCEPT [81943:35489398]
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
 -A INPUT -p ipv6-icmp -j ACCEPT
@@ -25,4 +25,4 @@
 -A FORWARD -j NFLOG --nflog-prefix  "IPv6 FORWARD Reject " --nflog-threshold 1
 -A FORWARD -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Wed Apr 17 10:32:49 2019
+# Completed on Mon May 27 11:41:44 2019

diff --git a/systemd/system/fail2ban.service.d/netfilter.conf b/systemd/system/fail2ban.service.d/netfilter.conf
new file mode 100644 (file)
index 0000000..be0fa83
--- /dev/null
+++ b/systemd/system/fail2ban.service.d/netfilter.conf
@@ -0,0 +1,5 @@
+[Unit]
+After=netfilter-persistent.service
+PartOf=netfilter-persistent.service
+
+# vim: syntax=systemd