
software:fail2ban:blacklist

Differences

This shows you the differences between two versions of the page.

software:fail2ban:blacklist [2019/08/13 02:14]
rodolico
software:fail2ban:blacklist [2019/08/17 20:21] (current)
rodolico
Line 117: Line 117:
 [blacklistip] [blacklistip]
 enabled = true enabled = true
 +bantime = -1
 action = blacklistip[name=blacklistip,​filename='/​etc/​fail2ban/​ip.blacklist'​] action = blacklistip[name=blacklistip,​filename='/​etc/​fail2ban/​ip.blacklist'​]
 </​code>​ </​code>​
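Review bot: the added `bantime = -1` line is what makes the bans from this jail permanent (a negative bantime means never expire in fail2ban), but nothing on the page says so; add a one-line comment beside it, because without it the jail would fall back to the global `bantime` and the "blacklist" entries would silently expire after the default interval. It would also be worth confirming on the installed fail2ban version that a negative value is honoured rather than rejected at jail start.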
Line 128: Line 129:
 You should see a list of all the banned IP's, with an action of drop. And, when you stop fail2ban, it will clean them up also. You should see a list of all the banned IP's, with an action of drop. And, when you stop fail2ban, it will clean them up also.
  
-===== Deficiencies ​=====+===== Convenience Script ​=====
  
-Actuallythis should be done on the routersince it will use some memory and processor on your serverAlsothere is no way to dynamically add/remove ​IP'sYou must modify the file, then restart ​fail2ban.+As it standsto add a new IP to the blacklistyou must add it to the blacklist IP file, then restart fail2banA better option is to use fail2ban-clientwhich is a cli for fail2ban. The following Perl script automates the entire process. 
 +  - Add IP to the blacklist file 
 +  - blacklist the IP vai fail2ban-client while the system is running 
 + 
 +<code perl blacklistIP>​ 
 +#! /usr/bin/env perl 
 + 
 +use strict; 
 +use warnings; 
 + 
 +my $IP = shift; 
 +my $JAIL='blacklistip';​ 
 +my $BLACKLIST='/​etc/​fail2ban/​ip.blacklist';​ 
 +my $FAIL2BAN_CLIENT = '/​usr/​bin/​fail2ban-client';​ 
 + 
 + 
 + 
 +if ( $IP && $IP =~ m/^\d{1,3}\.\d{1,​3}\.\d{1,​3}\.\d{1,​3}$/​ ) { 
 +   open BANNED, ">>​$BLACKLIST"​ or die "Could not append $BLACKLIST: $!\n";​ 
 +   print BANNED "​$IP\n";​ 
 +   close BANNED; 
 +   ​`$FAIL2BAN_CLIENT set $JAIL banip $IP`; 
 +} else { 
 +   print "​Usage:​ $0 IP_ADDRESS\n";​ 
 +
 + 
 +1; 
 +</​code>​ 
 + 
 + 
 +===== Deficiencies =====
  
-Using fail2ban-clientyou can add IP's (or remove them) from this list, so a simple script ​should be able to A) append/​remove ​the IP from ip.blacklist +  * Actually, this should be done on the router, since it will use some memory and processor on your server. Also, there is no way to dynamically add/remove IP's. You must modify the file, then restart fail2ban
-B) append/remove the IP from the f2b-blacklistip chain +  * The blacklist file should really have a date/time stamp on each entry so you can clean it up based on how long ago something was added. I have stuff in my blacklist file from several years agoand they have probably been cleaned up since. This could be done by adding a delimiter (colons are common) to separate it into fields. ​may do that soon. 
-but, I haven'​t written one yet.+    * It would be nice to have an optional comment also. 
 +    * It would be nice to be able to do something like "​Remove everything except those from other countries",​ so comparing things against a geoiplist or something.
  
 ===== Links ===== ===== Links =====
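Review bot: the address check `if ( $IP && $IP =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ )` only tests for four groups of one to three digits, so an input such as 999.999.999.999 passes, is appended to `/etc/fail2ban/ip.blacklist` and is handed to fail2ban-client; bound each octet to 0-255 (or defer to fail2ban-client's return code) before touching the file. Related: the backtick call `$FAIL2BAN_CLIENT set $JAIL banip $IP` discards both the command output and `$?`, so if the jail is not running or the client path is wrong the script reports nothing even though the IP has already been written to the file; check `$?` and print the failure. As rendered, the closing `}` for the `else` block is missing between `print "Usage: $0 IP_ADDRESS\n";` and `1;`, so confirm the saved page actually compiles. The script also never checks whether the IP is already in the file, so repeated runs produce duplicate lines. In the prose, "blacklist the IP vai fail2ban-client" should read "via", and the first Deficiencies bullet ("there is no way to dynamically add/remove IP's. You must modify the file, then restart fail2ban") is now contradicted by the Convenience Script section immediately above it and should be reworded or dropped.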
software/fail2ban/blacklist.1565680453.txt.gz · Last modified: 2019/08/13 02:14 by rodolico