This shows you the differences between two versions of the page.
software:fail2ban:blacklist [2019/08/13 02:14] rodolico |
software:fail2ban:blacklist [2019/08/17 20:21] (current) rodolico |
Line 117: | Line 117: | ||
[blacklistip] | [blacklistip] | ||
enabled = true | enabled = true | ||
+ | bantime = -1 | ||
action = blacklistip[name=blacklistip,filename='/etc/fail2ban/ip.blacklist'] | action = blacklistip[name=blacklistip,filename='/etc/fail2ban/ip.blacklist'] | ||
</code> | </code> | ||
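Review bot: the new `bantime = -1` line in the `[blacklistip]` jail is undocumented; neither the jail block nor the surrounding text says what it does. Add a sentence near the block (or an inline `#` comment, which fail2ban's INI-style jail files accept) stating that a negative bantime makes the ban permanent for as long as fail2ban is running, so blacklisted addresses are never released by the ban timer. That also reconciles it with the earlier statement that stopping fail2ban cleans the bans up: permanence here applies only to the running service, and the blacklist file is what re-applies the bans after a restart.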
Line 128: | Line 129: | ||
You should see a list of all the banned IP's, with an action of drop. And, when you stop fail2ban, it will clean them up also. | You should see a list of all the banned IP's, with an action of drop. And, when you stop fail2ban, it will clean them up also. | ||
- | ===== Deficiencies ===== | + | ===== Convenience Script ===== |
- | Actually, this should be done on the router, since it will use some memory and processor on your server. Also, there is no way to dynamically add/remove IP's. You must modify the file, then restart fail2ban. | + | As it stands, to add a new IP to the blacklist, you must add it to the blacklist IP file, then restart fail2ban. A better option is to use fail2ban-client, which is a cli for fail2ban. The following Perl script automates the entire process. |
+ | - Add IP to the blacklist file | ||
+ | - blacklist the IP vai fail2ban-client while the system is running | ||
+ | |||
+ | <code perl blacklistIP> | ||
+ | #! /usr/bin/env perl | ||
+ | |||
+ | use strict; | ||
+ | use warnings; | ||
+ | |||
+ | my $IP = shift; | ||
+ | my $JAIL='blacklistip'; | ||
+ | my $BLACKLIST='/etc/fail2ban/ip.blacklist'; | ||
+ | my $FAIL2BAN_CLIENT = '/usr/bin/fail2ban-client'; | ||
+ | |||
+ | |||
+ | |||
+ | if ( $IP && $IP =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ ) { | ||
+ | open BANNED, ">>$BLACKLIST" or die "Could not append $BLACKLIST: $!\n"; | ||
+ | print BANNED "$IP\n"; | ||
+ | close BANNED; | ||
+ | `$FAIL2BAN_CLIENT set $JAIL banip $IP`; | ||
+ | } else { | ||
+ | print "Usage: $0 IP_ADDRESS\n"; | ||
+ | } | ||
+ | |||
+ | 1; | ||
+ | </code> | ||
+ | |||
+ | |||
+ | ===== Deficiencies ===== | ||
- | Using fail2ban-client, you can add IP's (or remove them) from this list, so a simple script should be able to A) append/remove the IP from ip.blacklist | + | * Actually, this should be done on the router, since it will use some memory and processor on your server. Also, there is no way to dynamically add/remove IP's. You must modify the file, then restart fail2ban. |
- | B) append/remove the IP from the f2b-blacklistip chain | + | * The blacklist file should really have a date/time stamp on each entry so you can clean it up based on how long ago something was added. I have stuff in my blacklist file from several years ago, and they have probably been cleaned up since. This could be done by adding a delimiter (colons are common) to separate it into fields. I may do that soon. |
- | but, I haven't written one yet. | + | * It would be nice to have an optional comment also. |
+ | * It would be nice to be able to do something like "Remove everything except those from other countries", so comparing things against a geoiplist or something. | ||
===== Links ===== | ===== Links ===== |
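Review bot: the script in the `blacklistIP` block discards the result of `$FAIL2BAN_CLIENT set $JAIL banip $IP` and appends to `$BLACKLIST` before that call runs, so a failed client invocation (fail2ban not running, wrong jail name, wrong client path) leaves an address in the file that is not actually banned until the next restart, with no message to the operator. Use `system(...)` and check its return value (or test `$?` after the backticks) and report the failure, and consider issuing the live ban first so the file is only updated once it succeeded. Two smaller points on the same block: the check `^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$` accepts octets above 255 (e.g. 999.1.1.1) and rejects IPv6 and CIDR notation, so either state in the prose that the tool is IPv4-only or tighten the validation; and nothing tests whether the address is already in the file, so repeated runs append duplicates. The trailing `1;` is only needed in modules and can be dropped. In the prose, "vai" in the second list item should read "via", and the first bullet under the new Deficiencies heading still says "there is no way to dynamically add/remove IP's. You must modify the file, then restart fail2ban", which the Convenience Script section just above now contradicts; drop or reword that sentence.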