I need a little help getting fail2ban to format and write a file on a 1 to 24 hour basis, for use in a MikroTik firewall/router to put hackers in a honeypot. Nethserver is acting as mail server only, but the same IP addresses from the fail2ban jails I can find on my web server.
Hi Davide
Hmmmm. I am a little further than that. @stephdl has made great improvements to the use of fail2ban in Nethserver, so, in order not to break any config files and not to mess around too much in the fail2ban config files, I need a solution to get fail2ban to generate a file,
and let the MikroTik router fetch the file and update the shit list.
The MikroTik link you referred to is a PC software router setup.
I still think the link does exactly what you need: fail2ban installed on a Linux machine; when a ban occurs, the Linux machine connects to the 'tik board through SSH and dumps commands that ban the IP detected as malicious.
If you want it the other way around, just make the fail2ban “banaction” print those commands into a file; then you would need a script on the MikroTik that connects to the Linux machine and fetches that file every now and then, making it not “real time”.
Fail2ban is installed on Nethserver, and my MikroTik router is an RB2011 acting as a switch. I want to set it up as a firewall as well to protect my web server and put all the bad IPs from Nethserver's fail2ban into my MikroTik router: block bad IPs as close to the edge of my network as possible.
It only takes 2 rules to do it.
Yes, you're right, BUT!!!
Nethserver 7 is getting a lot of updates, so if I make a change in the config files I do not know when it will stop working. Yes, I can make many checks, but as long as Nethserver is still in development I don't want to,
so I need a little help in scripting to do the job, OR perhaps it might be an option in the fail2ban setup.
That is valid for both solutions: either you make MikroTik fetch the file, or you push commands to MikroTik from NS. If fail2ban on NS stops working because you customized the code and it is then overwritten by an update, everything stops.
Anyway, if you don't want to push commands from NS to MikroTik but want MikroTik to fetch the file, you can write a script on the routerboard using the Fetch tool, which allows you to fetch (duh) a file from a remote system through HTTP(S), then use its content to write firewall rules on MikroTik.
You could then use NS shared folders as the destination folder for the fail2ban file you want to generate and let the MikroTik Fetch tool use that path to get the file.
You also need a way to empty or delete that file once it has been processed by MikroTik; otherwise subsequent imports could cause trouble in your MikroTik firewall configuration with duplicate rules.
Seems a lot more complicated than just letting fail2ban push commands to the routerboard!
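For the "fail2ban writes a file, the router fetches it" variant discussed in the two replies above, here is an added example of the Nethserver side, written for this thread rather than taken from the original posts, NethServer or fail2ban itself. It is a small POSIX shell script meant to be called from a custom fail2ban action (an `action.d/*.conf` with `actionban = /usr/local/bin/f2b-mikrotik.sh ban <ip>` and `actionunban = /usr/local/bin/f2b-mikrotik.sh unban <ip>`; the file name, the paths, the address-list name `fail2ban` and the `1d` timeout are all assumptions you would adapt). Instead of appending raw firewall rules, it keeps a list of currently banned IPv4 addresses and re-renders the whole RouterOS script on every ban or unban. The generated script first clears the address list and then re-adds every address with a timeout, so importing it repeatedly on the router never produces duplicate entries, which is the problem the previous reply points out, and the file never needs to be emptied by the router.

```shell
#!/bin/sh
# f2b-mikrotik.sh: maintain a banned-IP list and render a RouterOS import script.
# All paths below are assumptions; point F2B_OUT at a directory the router can
# fetch over HTTP(S) (for example a NethServer shared folder served by the web server).
F2B_STATE="${F2B_STATE:-/var/lib/fail2ban/mikrotik-banned.txt}"  # one IPv4 per line
F2B_OUT="${F2B_OUT:-/var/www/html/fail2ban.rsc}"                # file the router fetches
F2B_LIST="${F2B_LIST:-fail2ban}"                                 # address-list name on the router
F2B_TIMEOUT="${F2B_TIMEOUT:-1d}"                                 # entries expire on their own

# Strict IPv4 check: fail2ban passes the IP via <ip>, but never trust what ends up
# in a file that another device will execute as commands.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  for o in "$1" "$2" "$3" "$4"; do
    [ "$o" -le 255 ] || return 1
  done
}

# Render the RouterOS script atomically (write to a temp file, then rename) so the
# router never fetches a half-written file.  Clearing the list before re-adding
# makes repeated imports idempotent: no duplicate rules on the router.
render() {
  tmp="$F2B_OUT.tmp"
  {
    printf '# generated by fail2ban at %s; on the router: /import file-name=%s\n' \
      "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(basename "$F2B_OUT")"
    printf '/ip firewall address-list remove [find list=%s]\n' "$F2B_LIST"
    sort -u "$F2B_STATE" 2>/dev/null | while read -r ip; do
      printf '/ip firewall address-list add list=%s address=%s timeout=%s comment="fail2ban"\n' \
        "$F2B_LIST" "$ip" "$F2B_TIMEOUT"
    done
  } > "$tmp"
  mv "$tmp" "$F2B_OUT"
}

# Add an address to the state file (ignoring repeats) and re-render.
ban_ip() {
  is_ipv4 "$1" || { echo "ban: invalid IPv4 address: $1" >&2; return 1; }
  touch "$F2B_STATE"
  grep -qxF "$1" "$F2B_STATE" || printf '%s\n' "$1" >> "$F2B_STATE"
  render
}

# Remove an address from the state file and re-render.
unban_ip() {
  is_ipv4 "$1" || { echo "unban: invalid IPv4 address: $1" >&2; return 1; }
  [ -f "$F2B_STATE" ] || return 0
  # grep -v exits 1 when no lines remain, which is fine: the list is simply empty.
  grep -vxF "$1" "$F2B_STATE" > "$F2B_STATE.tmp" || true
  mv "$F2B_STATE.tmp" "$F2B_STATE"
  render
}

# Command-line entry point used by the fail2ban action: ban <ip> | unban <ip> | render
case "${1:-}" in
  ban)    ban_ip "$2" ;;
  unban)  unban_ip "$2" ;;
  render) render ;;
esac
```

On the router side, a scheduler entry would periodically run `/tool fetch` against the URL of `fail2ban.rsc` followed by `/import file-name=fail2ban.rsc`, and a single filter rule matching `src-address-list=fail2ban` does the dropping; because the list is rebuilt from the state file on each render and the entries carry a timeout, neither side has to delete anything, and a ban that fail2ban has already lifted disappears from the router at the next import. Restrict who can fetch the file (firewall or HTTP auth), since anyone who can alter it can make the router block arbitrary addresses.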
The idea of blocking IPs on the MikroTik router following a banned-IP list from the Nethserver is a good idea ONLY if you have several Nethservers on your LAN.
For just one NS, let fail2ban work; it will be better. My 2c.
It should be possible to implement the idea from the Mikrotik presentation.
Regarding my network:
I use NS as my mail server and another Linux server for hosting my web pages.
I have tried several mail servers over the years, from the first SME Server and up.
I must say, Nethserver is the best so far.
But back with the first SME Server, HACKERS were not so big a problem; today you have to deal with SPAMMERS and HACKERS and God knows what else, and TOR browsers.