apt install fail2ban
- known issue: IPv6 addresses fail to block with the ufw banaction
- currently only blocks stretch repo abuse.
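list the REJECT rules ufw currently holds (iptables shows IPv4 only): iptables -L ufw-user-input -n|fgrep REJECT
remove a ban, replacing %IP% with the address: fail2ban-client unban %IP%
after modifying the config, run: fail2ban-client reload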
the files below are relative to /etc/fail2ban/
./jail.local
# Defaults inherited by every jail that does not set its own value.
# Bans are applied through fail2ban's ufw action.
# Per the known issue recorded in these notes, IPv6 addresses are not blocked
# with this banaction; confirm IPv6 coverage separately.
[DEFAULT]
banaction = ufw
banaction_allports = ufw
./jail.d/apt-repo-abuse.local
# Jail for apt repository abuse: applies the apt-repo-abuse filter to the
# nginx access log named in logpath.
[apt-repo-abuse]
enabled = true
# NOTE(review): whether the ban is limited to these ports depends on the
# banaction in use - confirm against the action definition.
port = http,https
# The access log holds client-controlled fields (request line, referer,
# user agent); the filter decides which of them count as a match.
logpath = /var/log/nginx/access-apt.log
# Ban duration once the threshold is reached.
bantime = 7d
# Number of matching log lines from one address that triggers a ban ...
maxretry = 24
# ... counted within this time window.
findtime = 4h
# Commented out: presumably swaps the real ban for fail2ban's dummy action
# while testing the filter - confirm before enabling.
#banaction = dummy
filter = apt-repo-abuse
./fail2ban.d/logging-level.local
# Verbosity of fail2ban's own log output.
# After a change, confirm in fail2ban's log that the new level took effect.
[Definition]
loglevel = NOTICE
./filter.d/apt-repo-abuse.local
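# Filter for the apt-repo-abuse jail: flags requests for the stretch
# Contents-armhf / Contents-arm64 index files in the nginx access log.
# The section header needs its opening bracket; without it the line is not a
# valid section and failregex has no [Definition] section to belong to.
[Definition]
# Sample log lines this filter is meant to match:
#98.246.95.223 - - [15/Jul/2020:06:25:37 +0000] "GET /dists/stretch/main/Contents-armhf.gz HTTP/1.1" 200 6404140 "-" "Debian APT-HTTP/1.3 (1.8.2)"
#98.246.95.223 - - [15/Jul/2020:06:25:38 +0000] "GET /dists/stretch/main/Contents-arm64.gz HTTP/1.1" 200 5957287 "-" "Debian APT-HTTP/1.3 (1.8.2)"
# <HOST> is anchored to the start of the line, so the counted address is the
# first log field. NOTE(review): assumes that field is nginx's $remote_addr -
# confirm the log_format; if it were taken from a client-supplied header, the
# banned address could be spoofed.
# The status code and response size are not checked, and the ".*" before the
# request method is not tied to the request field.
# Validate with fail2ban-regex against the access log after any change.
failregex = ^<HOST> -.*"(GET|POST|HEAD) /dists/stretch/main/Contents-(armhf|arm64)\.gz.*$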