Fail2Ban Feature Improvements

fail2ban

(Tyron Jerez) #1

Good Day Friends;

I have been using the mail module and recently started using fail2ban. I was interested in a feature to permanently ban repeat offenders.

Recently i noticed that i have been getting frequent repetitive attacks from one particular IP Address. In order to block these i currently create a firewall group and block all traffic from this group. I then create a host for each offending IP and add it to that group.

It would be preferable to have an option to set jails to automatically drop/block any connections from offending IPs after a preset number of tries. It would also be nice to be able to manually add/remove IP from this list.

I must admit that i am not well versed with terminal commands and tend to prefer gui to get things done when i can.

Let me know what you all think.

T. Jerez


(Giacomo Sanchietti) #2

Maybe are you talking about a sort of firewall block list?

Something like this:


(Tyron Jerez) #3

I Like the idea at the link you showed [quote=“giacomo, post:2, topic:9045”]


[/quote]

Basically i am doing shorewall to block the sites, but it is tedious and i need to manually enter these, for example last night i had three distinct IP addresses attack nonstop (well as soon as the timeout expired) i didn’t see it till this morning, which is when i added them to a firewall DROP group i created, but i must do this one ip at a time and add a name, which gets tedious when i have a few of them.

Would be great if Fail2Ban would automatically add these users to permanent Jail after x consecutive jails.

I would also recommend that Fail2Ban be included in the Nethserver Software Center, I only came up on it by chance after i ran into a tutorial from @stephdl which lead me to start browsing his repository. It should be an integral part of Nethserver Security that everyone should have.


(Stéphane de Labrusse) #4

this is what the recidive jail does, so you want a perpetual jails :slight_smile:

who knows, The Times They Are A Changing


(Stéphane de Labrusse) #5

I like the idea, but it should not be something allowed per default


(Tyron Jerez) #6

I had to go do some reading :sweat_smile: I didn’t look into recidive until you mentioned it, and after checking my logs i saw that some IPs are being banned with recidive.

I still however believe that it is too complicated for novices like myself to fiddle with these settings via commands as opposed to a basic gui for each jail allowing easy configuration of the settings. Especially on my production server. My end-users are like wolves, they will eat me alive if any service fails :rofl: