reaction/reaction.yml

---
definitions:
  - &iptablesban iptables -I reaction 1 -s <ip> -j block
  - &iptablesunban iptables -D reaction 1 -s <ip> -j block

patterns:
  ip: '(([0-9]{1,3}\.){3}[0-9]{1,3})|([0-9a-fA-F:]{2,90})'

streams:
  tailDown:
    cmd: [ "sh", "-c", "echo 'found 1.1.1.1' && sleep 2s && echo 'found 1.1.1.2' && sleep 2s && echo 'found 1.1.1.1' && sleep 1s" ]
    filters:
      findIP:
        regex:
          - found <ip>
        retry: 2
        retry-period: 5s
        actions:
          damn:
            cmd: [ "echo", "<ip>" ]
          sleepdamn:
            cmd: [ "echo", "sleep", "<ip>" ]
            after: 1s
First configuration read 2023-03-23 21:14:53 +01:00			`---`
			`definitions:`
			`- &iptablesban iptables -I reaction 1 -s <ip> -j block`
			`- &iptablesunban iptables -D reaction 1 -s <ip> -j block`

Close #3 2023-03-24 17:36:41 +01:00			`patterns:`
			`ip: '(([0-9]{1,3}\.){3}[0-9]{1,3})\|([0-9a-fA-F:]{2,90})'`
First configuration read 2023-03-23 21:14:53 +01:00
			`streams:`
Close #1 #4 2023-03-24 00:27:51 +01:00			`tailDown:`
close #6 2023-03-25 19:12:11 +01:00			`cmd: [ "sh", "-c", "echo 'found 1.1.1.1' && sleep 2s && echo 'found 1.1.1.2' && sleep 2s && echo 'found 1.1.1.1' && sleep 1s" ]`
First configuration read 2023-03-23 21:14:53 +01:00			`filters:`
Close #3 2023-03-24 17:36:41 +01:00			`findIP:`
Close #1 #4 2023-03-24 00:27:51 +01:00			`regex:`
Close #3 2023-03-24 17:36:41 +01:00			`- found <ip>`
close #6 2023-03-25 19:12:11 +01:00			`retry: 2`
			`retry-period: 5s`
First configuration read 2023-03-23 21:14:53 +01:00			`actions:`
Close #1 #4 2023-03-24 00:27:51 +01:00			`damn:`
Close #3 2023-03-24 17:36:41 +01:00			`cmd: [ "echo", "<ip>" ]`
Close #1 #4 2023-03-24 00:27:51 +01:00			`sleepdamn:`
Close #3 2023-03-24 17:36:41 +01:00			`cmd: [ "echo", "sleep", "<ip>" ]`
			`after: 1s`