User Tools
software:fail2ban:blacklist
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
software:fail2ban:blacklist [2019/08/13 02:14] rodolico |
software:fail2ban:blacklist [2019/08/17 20:21] (current) rodolico |
||
|---|---|---|---|
| Line 117: | Line 117: | ||
| [blacklistip] | [blacklistip] | ||
| enabled = true | enabled = true | ||
| + | bantime = -1 | ||
| action = blacklistip[name=blacklistip,filename='/etc/fail2ban/ip.blacklist'] | action = blacklistip[name=blacklistip,filename='/etc/fail2ban/ip.blacklist'] | ||
| </code> | </code> | ||
| Line 128: | Line 129: | ||
| You should see a list of all the banned IP's, with an action of drop. And, when you stop fail2ban, it will clean them up also. | You should see a list of all the banned IP's, with an action of drop. And, when you stop fail2ban, it will clean them up also. | ||
| - | ===== Deficiencies ===== | + | ===== Convenience Script ===== |
| - | Actually, this should be done on the router, since it will use some memory and processor on your server. Also, there is no way to dynamically add/remove IP's. You must modify the file, then restart fail2ban. | + | As it stands, to add a new IP to the blacklist, you must add it to the blacklist IP file, then restart fail2ban. A better option is to use fail2ban-client, which is a cli for fail2ban. The following Perl script automates the entire process. |
| + | - Add IP to the blacklist file | ||
| + | - blacklist the IP vai fail2ban-client while the system is running | ||
| + | |||
| + | <code perl blacklistIP> | ||
| + | #! /usr/bin/env perl | ||
| + | |||
| + | use strict; | ||
| + | use warnings; | ||
| + | |||
| + | my $IP = shift; | ||
| + | my $JAIL='blacklistip'; | ||
| + | my $BLACKLIST='/etc/fail2ban/ip.blacklist'; | ||
| + | my $FAIL2BAN_CLIENT = '/usr/bin/fail2ban-client'; | ||
| + | |||
| + | |||
| + | |||
| + | if ( $IP && $IP =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ ) { | ||
| + | open BANNED, ">>$BLACKLIST" or die "Could not append $BLACKLIST: $!\n"; | ||
| + | print BANNED "$IP\n"; | ||
| + | close BANNED; | ||
| + | `$FAIL2BAN_CLIENT set $JAIL banip $IP`; | ||
| + | } else { | ||
| + | print "Usage: $0 IP_ADDRESS\n"; | ||
| + | } | ||
| + | |||
| + | 1; | ||
| + | </code> | ||
| + | |||
| + | |||
| + | ===== Deficiencies ===== | ||
| - | Using fail2ban-client, you can add IP's (or remove them) from this list, so a simple script should be able to A) append/remove the IP from ip.blacklist | + | * Actually, this should be done on the router, since it will use some memory and processor on your server. Also, there is no way to dynamically add/remove IP's. You must modify the file, then restart fail2ban. |
| - | B) append/remove the IP from the f2b-blacklistip chain | + | * The blacklist file should really have a date/time stamp on each entry so you can clean it up based on how long ago something was added. I have stuff in my blacklist file from several years ago, and they have probably been cleaned up since. This could be done by adding a delimiter (colons are common) to separate it into fields. I may do that soon. |
| - | but, I haven't written one yet. | + | * It would be nice to have an optional comment also. |
| + | * It would be nice to be able to do something like "Remove everything except those from other countries", so comparing things against a geoiplist or something. | ||
| ===== Links ===== | ===== Links ===== | ||
software/fail2ban/blacklist.1565680453.txt.gz · Last modified: 2019/08/13 02:14 by rodolico
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
