Fail2ban for Guacamole

Hello!
NethServer’s fail2ban install already has the /etc/fail2ban/filter.d/guacamole.conf file, so I adjusted only the regex.
I have enabled the fail2ban jail at /etc/fail2ban/jail.d/01-guacamole.conf

[guacamole]
enabled=true
port=80,443
logpath = /var/log/messages
filter = guacamole
banaction=iptables-multiport

After that I can see guacamole on the NethServer Fail2ban application's Jails tab.
When I hit Enter with a wrong password for Apache Guacamole, the following is written to the log:

[13350]: INFO [guacamole] Found IP date
[13350]: INFO [guacamole] Found IP date
[13350]: INFO [guacamole] Found IP date
[13350]: NOTICE [guacamole] Ban IP already banned

But the IP ban does not work (the user can access the server / site which is blocked).

When I add the line “banaction=iptables-multiport”, the log looks like

[13350]: NOTICE [guacamole] Ban IP
[13350]: INFO [guacamole] Found IP date
[13350]: INFO [guacamole] Found IP date
[13350]: INFO [guacamole] Found IP date

The block works, but the web interface shows "You have no banned IP", and “fail2ban-listban list” also shows no entries.
I can unblock a banned IP only with "fail2ban-unban ".

How can I make the banned IPs show on the web interface and have the IP block work as well?

Thanks!

You need to use the shorewall-ipset-proto6 banaction.

I have configured banaction=shorewall-ipset-proto6, but the result is the same as when there is no banaction configured. The web interface shows the banned IP, but the user can access the server.

NethServer Fail2ban application Jails tab.
The IP ban is seen on the web interface for the application (Unban tab), but the IP ban does not work (the user can access the server / site which shows as blocked).

Any ideas?

Yep, it is normal; you must create the set inside ipset.

Check

/etc/shorewall/initdone

You could create a template, let's say /etc/e-smith/templates/etc/shorewall/initdone/15Guacamole

with

system("/usr/sbin/ipset -quiet -exist create f2b-guacamole hash:ip timeout 1800 ");
then
signal-event nethserver-fail2ban-update

You could check the IPs blocked in jails with

ipset -L
or
ipset -L f2b-guacamole

I have created the ipset, but nothing has changed.
ipset -L f2b-guacamole shows the ban, but server access is not blocked.
Is there any other file where something important is stored?

Just found the solution. I need to create a file with the drop rule definition:
/etc/e-smith/templates/etc/shorewall/blrules/30-guacamole
Now the IP block is working.
Thanks for help!


Yep, I missed creating the drop rules… Sorry
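
The state described in this thread (ipset -L f2b-guacamole lists the ban, yet the client still reaches the server) means the set exists but no firewall rule references it. The following shell check is an added example, not code from any poster or from NethServer; it classifies that state from `ipset save` and `iptables-save` output. The function names and sample dumps are constructed, and it assumes the drop rule shows up in iptables-save as a `--match-set` match on the source address.

```shell
#!/bin/sh
# Added example (not from the thread). The set name f2b-guacamole comes from
# the thread; function names and the sample dumps below are constructed.
# Live use, as root:
#   diagnose f2b-guacamole "$(ipset save)" "$(iptables-save)"

# set_targets SET < iptables-save output
# Prints the jump target of every rule that matches source IPs against SET.
set_targets() {
    awk -v name="$1" '/^-A / {
        hit = 0; tgt = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--match-set" && $(i+1) == name && $(i+2) ~ /^src/) hit = 1
            if ($i == "-j" || $i == "-g") tgt = $(i+1)
        }
        if (hit) print tgt
    }'
}

# diagnose SET IPSET_SAVE_TEXT IPTABLES_SAVE_TEXT
# Prints one of: no-set | not-enforced | enforced:<targets>
diagnose() {
    exists=$(printf '%s\n' "$2" |
        awk -v s="$1" '$1 == "create" && $2 == s { n++ } END { print n + 0 }')
    if [ "$exists" -eq 0 ]; then echo "no-set"; return 0; fi
    # A populated set blocks nothing until some rule tests packets against it.
    targets=$(printf '%s\n' "$3" | set_targets "$1" | sort -u | tr '\n' ' ')
    if [ -z "$targets" ]; then
        echo "not-enforced"
    else
        echo "enforced:${targets% }"
    fi
}

# Constructed sample data (203.0.113.7 is a documentation address).
SAMPLE_SET='create f2b-guacamole hash:ip family inet hashsize 1024 maxelem 65536 timeout 1800
add f2b-guacamole 203.0.113.7 timeout 1712'
# Before the drop rule exists: the ban is recorded but never consulted.
SAMPLE_RULES_BEFORE='-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT'
# After a rule referencing the set has been generated.
SAMPLE_RULES_AFTER='-A INPUT -m set --match-set f2b-guacamole src -j DROP
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT'

diagnose f2b-guacamole "$SAMPLE_SET" "$SAMPLE_RULES_BEFORE"
diagnose f2b-guacamole "$SAMPLE_SET" "$SAMPLE_RULES_AFTER"
```

The check only confirms that a rule references the set; it does not verify that the rule is evaluated before an accepting rule in the same chain.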