software:fail2ban:blacklist

Differences

This shows you the differences between two versions of the page.

software:fail2ban:blacklist [2019/08/13 02:14] rodolico
software:fail2ban:blacklist [2019/08/17 20:21] (current) rodolico
Line 117: Line 117:
 [blacklistip] [blacklistip]
 enabled = true enabled = true
 +bantime = -1
 action = blacklistip[name=blacklistip,filename='/etc/fail2ban/ip.blacklist'] action = blacklistip[name=blacklistip,filename='/etc/fail2ban/ip.blacklist']
 </code> </code>
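Review bot: the new "bantime = -1" line in the [blacklistip] jail carries no explanation of why it is there. A negative bantime is what turns these entries into permanent bans; without it the jail falls back to the default bantime and the blacklisted IPs are unbanned again after that interval, which is exactly what a blacklist jail must not do. Suggest a comment directly above the line, for example "# negative bantime = permanent ban", plus a sentence in the text noting that this relies on a fail2ban release that honours a negative bantime as permanent.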
Line 128: Line 129:
 You should see a list of all the banned IP's, with an action of drop. And, when you stop fail2ban, it will clean them up also. You should see a list of all the banned IP's, with an action of drop. And, when you stop fail2ban, it will clean them up also.
  
-===== Deficiencies =====+===== Convenience Script =====
  
-Actuallythis should be done on the routersince it will use some memory and processor on your serverAlsothere is no way to dynamically add/remove IP'sYou must modify the file, then restart fail2ban.+As it standsto add a new IP to the blacklistyou must add it to the blacklist IP file, then restart fail2banA better option is to use fail2ban-clientwhich is a cli for fail2ban. The following Perl script automates the entire process. 
 +  - Add IP to the blacklist file 
 +  - blacklist the IP vai fail2ban-client while the system is running 
 + 
 +<code perl blacklistIP> 
 +#! /usr/bin/env perl 
 + 
 +use strict; 
 +use warnings; 
 + 
 +my $IP = shift; 
 +my $JAIL='blacklistip'; 
 +my $BLACKLIST='/etc/fail2ban/ip.blacklist'; 
 +my $FAIL2BAN_CLIENT = '/usr/bin/fail2ban-client'; 
 + 
 + 
 + 
 +if ( $IP && $IP =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ ) { 
 +   open BANNED, ">>$BLACKLIST" or die "Could not append $BLACKLIST: $!\n"; 
 +   print BANNED "$IP\n"; 
 +   close BANNED; 
 +   `$FAIL2BAN_CLIENT set $JAIL banip $IP`; 
 +} else { 
 +   print "Usage: $0 IP_ADDRESS\n"; 
 +
 + 
 +1; 
 +</code> 
 + 
 + 
 +===== Deficiencies =====
  
-Using fail2ban-clientyou can add IP's (or remove them) from this list, so a simple script should be able to A) append/remove the IP from ip.blacklist +  * Actually, this should be done on the router, since it will use some memory and processor on your server. Also, there is no way to dynamically add/remove IP's. You must modify the file, then restart fail2ban
-B) append/remove the IP from the f2b-blacklistip chain +  * The blacklist file should really have a date/time stamp on each entry so you can clean it up based on how long ago something was added. I have stuff in my blacklist file from several years agoand they have probably been cleaned up since. This could be done by adding a delimiter (colons are common) to separate it into fields. may do that soon. 
-but, I haven't written one yet.+    * It would be nice to have an optional comment also. 
 +    * It would be nice to be able to do something like "Remove everything except those from other countries", so comparing things against a geoiplist or something.
  
 ===== Links ===== ===== Links =====
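Review bot: in the blacklistIP script the result of the backtick call "$FAIL2BAN_CLIENT set $JAIL banip $IP" is discarded, so if fail2ban is not running or the jail name is wrong the IP is appended to /etc/fail2ban/ip.blacklist but never reaches the running jail, and the caller is not told. Use system(...) (or inspect $? after the backticks) and die with the exit status on failure. Three smaller points in the same hunk: as rendered, the else branch has no closing brace before "1;", so the script will not compile unless that brace was lost in the diff view; the regex only checks the dotted-quad shape (it accepts octets above 255 and rejects IPv6), and because $IP is interpolated into a shell command that anchored regex is the only thing keeping unvalidated input out of the command line, which deserves a comment saying so; and the first bullet under the new Deficiencies heading still says IPs cannot be added dynamically and that fail2ban must be restarted, which this very hunk makes obsolete and should be reworded. Also "vai" in the numbered list should read "via".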
software/fail2ban/blacklist.txt · Last modified: 2019/08/17 20:21 by rodolico