Fail2Ban Feature Improvements

Good Day Friends;

I have been using the mail module and recently started using fail2ban. I was interested in a feature to permanently ban repeat offenders.

Recently i noticed that i have been getting frequent repetitive attacks from one particular IP Address. In order to block these i currently create a firewall group and block all traffic from this group. I then create a host for each offending IP and add it to that group.

It would be preferable to have an option to set jails to automatically drop/block any connections from offending IPs after a preset number of tries. It would also be nice to be able to manually add/remove IP from this list.

I must admit that i am not well versed with terminal commands and tend to prefer gui to get things done when i can.

Let me know what you all think.

T. Jerez

Maybe are you talking about a sort of firewall block list?

Something like this:

• http://shorewall.org/blacklisting_support.htm
• IP blacklist on nethserver
• Firewall Block Lists
• http://iplists.firehol.org/

I Like the idea at the link you showed [quote=“giacomo, post:2, topic:9045”]

Basically i am doing shorewall to block the sites, but it is tedious and i need to manually enter these, for example last night i had three distinct IP addresses attack nonstop (well as soon as the timeout expired) i didn’t see it till this morning, which is when i added them to a firewall DROP group i created, but i must do this one ip at a time and add a name, which gets tedious when i have a few of them.

Would be great if Fail2Ban would automatically add these users to permanent Jail after x consecutive jails.

I would also recommend that Fail2Ban be included in the Nethserver Software Center, I only came up on it by chance after i ran into a tutorial from @stephdl which lead me to start browsing his repository. It should be an integral part of Nethserver Security that everyone should have.

this is what the recidive jail does, so you want a perpetual jails

who knows, The Times They Are A Changing

I like the idea, but it should not be something allowed per default

I had to go do some reading I didn’t look into recidive until you mentioned it, and after checking my logs i saw that some IPs are being banned with recidive.

I still however believe that it is too complicated for novices like myself to fiddle with these settings via commands as opposed to a basic gui for each jail allowing easy configuration of the settings. Especially on my production server. My end-users are like wolves, they will eat me alive if any service fails