Fail2ban jails file for use in mikrotik firewall

NethServer Version: 7 final

I need a little help getting fail2ban to format and write a file, on a 1- to 24-hour basis, for use in a Mikrotik firewall/router to put hackers in a honeypot. NethServer is acting as mail server only, but the same IP addresses from the fail2ban jails I can find on my web server.

best regards
Fjord

Hi Fjord,

Something like this?

If you’d like to have fail2ban installed automagically, I suppose you could start with this awesome module from @stephdl and expand from there

Hi Davide
Hmmmm. I am a little further than that.
@stephdl has made great improvements to the use of fail2ban in NethServer, so, to not break any config files or mess around too much in the config files of fail2ban, I need a solution to get fail2ban to generate a file
and let the Mikrotik router fetch the file and update the shit list.

The Mikrotik link you referred to is a PC software router setup.

I have been looking at this site: http://looke.ch/wp/list-based-permanent-bans-with-fail2ban
I haven't tried it yet.

Best regards
Fjord

The file will end up looking like this:

/ip firewall address-list
add list=dynamicBlacklist address=1.10.16.0/20 timeout="1d 01:00:00" comment=Blacklisted
add list=dynamicBlacklist address=1.116.0.0/14 timeout="1d 01:00:00" comment=Blacklisted
add list=dynamicBlacklist address=1.186.172.218 timeout="1d 01:00:00" comment=Blacklisted
add list=dynamicBlacklist address=1.196.88.136 timeout="1d 01:00:00" comment=Blacklisted

?

I must be missing something!

I still think the link does exactly what you need: fail2ban installed on a Linux machine; when a ban occurs, the Linux machine connects to the Tik board through SSH and dumps commands that ban the IP detected as malicious.

If you want it the other way around, just make it so that the fail2ban "banaction" prints those commands to a file, and then you'd need a script on the Mikrotik that connects to the Linux machine and fetches that file every now and then, making it not "real time".

Excuse me if I'm getting this wrong!

English is not my best :grinning:

Fail2ban is installed on NethServer, and my Mikrotik router is an RB2011 acting as a switch. I want to set it up as a firewall as well to protect my web server and put all the bad IPs from NethServer's fail2ban in my Mikrotik router: block bad IPs as close to the edge of my network as possible.
It only takes 2 rules to do it.

:slight_smile::slight_smile::grinning:
Yes, you're right, BUT!!!
NethServer 7 is getting a lot of updates, so if I make a change in the config files I do not know when it will stop working. Yes, I can make many checks, but as long as NethServer is still in development I don't want to,
so I need a little help in scripting to do the job, OR perhaps it might be an option in the fail2ban setup. :grinning:

best regards
Fjord

That is valid for both solutions: either you make Mikrotik fetch the file, or push commands to Mikrotik from NS. If fail2ban on NS stops working because you customized the code and then it is overwritten by an update, everything stops.

Anyway, if you don't want to push commands from NS to Mikrotik but want Mikrotik to fetch the file, you can write a script on the routerboard using the Fetch tool, which allows you to fetch (duh) a file from a remote system through HTTP(S), then use its content to write firewall rules on Mikrotik.

You could then use NS shared folders as the destination folder for the fail2ban file you want to generate and let the Mikrotik Fetch tool use that path to get the file.

You also need a way to empty or delete that file once it has been processed by Mikrotik; otherwise subsequent imports could cause trouble in your Mikrotik firewall configuration with duplicate rules.

Seems a lot more complicated than just letting fail2ban push commands to the routerboard!
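As an added example (not code from this thread, from NethServer or from the fail2ban project), here is what the "banaction prints the commands to a file" idea above could look like on the NethServer side, including the duplicate-rule problem raised in the previous post. It is a POSIX shell script meant to be wired in as a fail2ban action: fail2ban calls it with `ban <ip>` and `unban <ip>`, and it maintains a RouterOS import file in the format shown earlier in the thread. The file path, the list name, the timeout and the validation regex are assumptions you would adapt; the idempotency check means repeated bans of the same address never yield duplicate `add` lines, and the address check refuses anything that is not an IPv4 address or CIDR so a crafted log line cannot smuggle RouterOS commands into the file.

```shell
#!/bin/sh
# Added example: fail2ban-style action that keeps a RouterOS address-list
# import file current. Paths, list name and timeout below are assumptions.
set -eu

BLACKLIST_FILE="${BLACKLIST_FILE:-/var/lib/fail2ban/mikrotik-blacklist.rsc}"
LIST_NAME="${LIST_NAME:-dynamicBlacklist}"
BAN_TIMEOUT="${BAN_TIMEOUT:-1d 01:00:00}"

# Accept only an IPv4 address or IPv4 CIDR. Anything else is rejected so that
# text from a hostile log line can never become a RouterOS command.
valid_ip() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Write the section header once, so the file is always a complete RouterOS script.
init_file() {
    f="$1"
    [ -s "$f" ] || printf '/ip firewall address-list\n' > "$f"
}

# ban_ip <address> [file]: append one address-list entry, skipping duplicates.
ban_ip() {
    ip="$1"; f="${2:-$BLACKLIST_FILE}"
    valid_ip "$ip" || { echo "rejecting invalid address: $ip" >&2; return 1; }
    init_file "$f"
    # Idempotent: a second ban of the same address must not create a second rule.
    grep -Fq "address=$ip " "$f" && return 0
    printf 'add list=%s address=%s timeout="%s" comment=Blacklisted\n' \
        "$LIST_NAME" "$ip" "$BAN_TIMEOUT" >> "$f"
}

# unban_ip <address> [file]: drop the entry for that address, keeping the header.
unban_ip() {
    ip="$1"; f="${2:-$BLACKLIST_FILE}"
    valid_ip "$ip" || return 1
    [ -f "$f" ] || return 0
    tmp="$f.tmp.$$"
    grep -Fv "address=$ip " "$f" > "$tmp" || true
    mv "$tmp" "$f"
}

# count_entries [file]: number of "add" lines currently in the file.
count_entries() {
    f="${1:-$BLACKLIST_FILE}"
    [ -f "$f" ] || { echo 0; return; }
    grep -c '^add ' "$f" || true
}

# Entry point used by fail2ban: "ban <ip>" from actionban, "unban <ip>" from actionunban.
case "${1:-}" in
    ban)   ban_ip "$2" ;;
    unban) unban_ip "$2" ;;
    *) ;;
esac
```

To hook it in you would point a fail2ban action definition's `actionban` at `this-script ban <ip>` and `actionunban` at `this-script unban <ip>`, and publish `BLACKLIST_FILE` over HTTP(S) (for example from a shared folder, as suggested above) for the routerboard's Fetch tool to pull and `/import`. Because every entry already carries a `timeout`, entries expire on the Mikrotik by themselves; the `unban` branch only keeps the file from re-adding an address the NethServer side has already released.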

The idea of blocking IPs at the Mikrotik router following a banned-IP list from the NethServer is a good idea ONLY if you have several NethServers on your LAN.

For just one NS, let fail2ban do its work; it will be better. My 2c.

Is it possible to implement this idea in Nethserver ?

PDF of Presentation: https://faelix.link/mum16

MUM Video: https://faelix.link/mum16video

It should be possible to implement the idea from the Mikrotik presentation.

Regarding my network:
I use NS as my mail server and another Linux server for hosting my web pages.
I have tried several mail servers over the years, from the first SME Server and up;
I must say NethServer is the best so far.
But with the first SME Server, HACKERS were not so big a problem; today you have to deal with SPAMMERS and HACKERS and God knows what else, and Tor browsers.

best regards
Fjord

I'm using both SME9 and NS, both with fail2ban (Steph made it available on both OSes)...

Making a comparison regarding spammers, I still find SME more configurable and efficient in the spam fight...