Fail2Ban Feature Request: share permanently banned IPs and add export/import options

fail2ban

(Duncan Rix) #1

Hello community.

Not sure if this should be aimed more at the developers of fail2ban or the Neth devs, but here goes.

I currently run two internet-facing NethServers, both running fail2ban, and both on the same LAN. I would like these servers to share their lists of permanently banned IPs.

Also, the ability to export/import banned IPs would be good.

Food for thought.


(Rob Bosch) #2

Maybe I am over-enthusiastic: make this a central repo of ‘known offenders’ that you can activate and give a perma-ban…
@stephdl


(Stéphane de Labrusse) #3

I would like to answer quicker, but this issue is maybe hard to implement and I am not sure it is worth it.

Let me think on it; as a developer I would be happy to implement the solution, but as a maintainer, I worry about it :)

We could find hints on the www, with MySQL or SFTP solutions, so people have thought about it, but if we centralise the database of attackers, why ban a MySQL brute-force attacker (for example) on all servers if other systems in the cloud farm do not run MySQL?


(Bill) #4

Collect a database of offending IP addresses and then launch automated ddos attacks against them. Then track down the person or persons responsible, put them in stocks in the Public Square and allow people to throw garbage at them, see how they like it.


(HF) #5

That would be illegal.


(Marc) #6

fail2ban-client allows you to manually ban an IP for a specified jail; that could be of use here.
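
The manual ban mentioned above can cover the export/import asked for in this thread. The following shell sketch is an added example, not part of any post and not NethServer code: it parses the `Banned IP list:` line of `fail2ban-client status <jail>` and replays each address with `fail2ban-client set <jail> banip <ip>`. The function names, the `F2B_CLIENT` override, the jail name `recidive` and the sample output are assumptions, and only IPv4 addresses are handled.

```sh
#!/bin/sh
# Added example: copy banned IPs from one fail2ban host to another by hand.
# F2B_CLIENT is a hypothetical override; set it to "echo" for a dry run.
F2B_CLIENT="${F2B_CLIENT:-fail2ban-client}"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read `fail2ban-client status <jail>` output on stdin; print one banned IPv4 per line.
extract_banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n\n' |
    while read -r ip; do
        if is_valid_ipv4 "$ip"; then echo "$ip"; fi
    done
}

# Read IPs on stdin and ban each one in the given jail. Entries are re-validated
# because the list comes from another machine and this runs as root.
import_bans() {
    jail=$1
    while read -r ip; do
        is_valid_ipv4 "$ip" || { echo "skipping invalid entry: $ip" >&2; continue; }
        $F2B_CLIENT set "$jail" banip "$ip"
    done
}

# Constructed sample of the status output (abridged; not taken from a real server).
sample_status() {
    cat <<'EOF'
Status for the jail: recidive
`- Actions
   |- Currently banned: 2
   `- Banned IP list:   203.0.113.7 198.51.100.23
EOF
}

# Source host:  fail2ban-client status recidive | extract_banned_ips > banned.txt
# Target host:  import_bans recidive < banned.txt
```

Review the exported list before importing it, so that an address you administer the servers from does not end up banned on both hosts.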


(Duncan Rix) #7

Thanks for all the responses.

I have recently had a re-jig of my servers and for the first time used the config backup/restore feature. Very impressed with how well it works. I did notice, though, that it does not restore the list of already banned IPs, so Fail2Ban is starting over.

Sounds like syncing IP lists between servers automatically is a headache from a dev point of view. Just the ability to manually copy and paste IPs from webconfig would be good enough for me.


(Rob Bosch) #8

Just to satisfy my curiosity… Did you set the bantime to indefinite/permanent? If I am not mistaken, the default threshold for a ban is 3 hours. Personally I have set the bantime to 1 day.


(Duncan Rix) #9

Yes I believe I have.

“Recidive jail is perpetual” option I have ticked.


(Stéphane de Labrusse) #10

Copy /var/lib/nethserver/fail2ban/fail2ban.json to the same location on your new server.


(Duncan Rix) #11

Thanks for this, I’ll give it a go at some point.