Last active
May 22, 2021 19:53
-
-
Save AndisGrossteins/0b041d1449b8b65ce4ac92d71f0dd2f3 to your computer and use it in GitHub Desktop.
*DEPRECATED CODE! Please read the replies before using this code or commenting* Updated correct fail2ban for permanent and persistent bans from https://wp.me/p5Ub2q-7w because WordPress.com comments suck for code snippets.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DEPRECATED CODE!!!!1!one!!1 | |
| Please read the replies before using this code or commenting! | |
| For a better solution, use the fail2ban's persistence SQLite database with long purge time. | |
| See this answer on Server Fault StackExchange: https://serverfault.com/a/810798/72732 | |
| [Definition] | |
| # Option: actionstart | |
| # Notes.: command executed once at the start of Fail2Ban. | |
| # Values: CMD | |
| # | |
| actionstart = iptables -N fail2ban-<name> | |
| iptables -A fail2ban-<name> -j RETURN | |
| iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> | |
| cat /etc/fail2ban/persistent.bans | awk '/^fail2ban-<name>/ {print $2}' \ | |
| | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j <blocktype>; done | |
| # Option: actionstop | |
| # Notes.: command executed once at the end of Fail2Ban | |
| # Values: CMD | |
| # | |
| actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> | |
| iptables -F fail2ban-<name> | |
| iptables -X fail2ban-<name> | |
| # Option: actioncheck | |
| # Notes.: command executed once before each actionban command | |
| # Values: CMD | |
| # | |
| actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' | |
| # Option: actionban | |
| # Notes.: command executed when banning an IP. Take care that the | |
| # command is executed with Fail2Ban user rights. | |
| # Tags: See jail.conf(5) man page | |
| # Values: CMD | |
| # | |
| actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype> | |
| if ! grep -q "fail2ban-<name> <ip>" /etc/fail2ban/persistent.bans; then echo "fail2ban-<name> <ip>" >> /etc/fail2ban/persistent.bans; fi |
Hi Guys I followed the guide but f2b give me an error at line 44:
dic 31 00:11:14 raspberrypi fail2ban-server[32170]: Failed during configuration: Error in action definition 'iptables-multiport[name=sshd, bantime="-1", port="ssh", protocol="tcp", chain="<known/chain>"]': Source contains parsing errors
dic 31 00:11:14 raspberrypi fail2ban-server[32170]: [line 44]: 'if ! grep -q "f2b-<name> <ip>" /etc/fail2ban/persistent.bans; then echo "fail2ban-<name> <ip>" >> /etc/fail2ban/persistent.bans; fi\n'
Is it because something has changed at f2b?
Is it because something has changed at f2b?
Hi, @payapony!
Have you read the replies? This one in particular.
none of these examples seem to include modifications for unban
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
sed -i '/fail2ban-<name> <ip>/d' /etc/fail2ban/persistent.bans
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Got it, thanks for info.