software:fail2ban:blacklist
Differences
This shows you the differences between two versions of the page.
software:fail2ban:blacklist [2019/08/13 01:44] – created rodolico | software:fail2ban:blacklist [2019/08/13 02:14] – rodolico | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Blacklist IP's from a file ====== | ====== Blacklist IP's from a file ====== | ||
- | fail2ban is designed to dynamically watch logs and ban/unban IP's with bad reputations. However, with a little sneakiness, it can be abused to also load a list of permenantly | + | fail2ban is designed to dynamically watch logs and ban/unban IP's with bad reputations. However, with a little sneakiness, it can be abused to also load a list of permanently |
- | First, we need to create an action, a file to be placed in action.d. I named it blacklistip.conf, | + | Basically, we create a custom action which creates its own chain (under fail2ban' |
+ | |||
+ | We'll create three files, and add a block to jail.local | ||
+ | - list of IP's or subnets, one entry per line | ||
+ | - action file to be stored in actions.d/ | ||
+ | - dummy filter file to be stored in filters.d/ | ||
+ | - modify jail.local | ||
+ | |||
+ | ===== Blacklist File ===== | ||
+ | |||
+ | This is a basic text file with one IP or subnet per line. I store mine in / | ||
+ | |||
+ | <file text ip.blacklist> | ||
+ | 172.104.94.112 | ||
+ | 190.40.235.20 | ||
+ | 190.4.51.122 | ||
+ | 210.186.135.78 | ||
+ | 39.45.148.16 | ||
+ | 193.93.16.14 | ||
+ | 93.174.93.0/ | ||
+ | </ | ||
+ | |||
+ | ===== Action file ===== | ||
+ | Now, we need to create an action, a file to be placed in action.d. I named it blacklistip.conf, | ||
<code conf action.d/ | <code conf action.d/ | ||
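Review bot: The overview list added at the top of this hunk names the target directories as "actions.d/" and "filters.d/", while the Action file paragraph and the code block label in the same hunk use "action.d", and the later Filter section uses "filter.d/". Use one spelling throughout, so that a reader following the list puts the files in the same place the rest of the page refers to. The lead-in "We'll create three files, and add a block to jail.local" is also followed by four list items of equal weight; separating the jail.local step from the three files would make the count match.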
Line 38: | Line 61: | ||
# taken directly from the multiport ban script, with the last line | # taken directly from the multiport ban script, with the last line | ||
# inserted to load the IP file | # inserted to load the IP file | ||
+ | # creates a chain, then loads all the IP's into it | ||
actionstart = < | actionstart = < | ||
< | < | ||
Line 45: | Line 69: | ||
# these actions are taken when fail2ban is shut down | # these actions are taken when fail2ban is shut down | ||
- | # | + | # basically, destroys the chain |
actionstop = < | actionstop = < | ||
< | < | ||
Line 58: | Line 82: | ||
</ | </ | ||
- | Now, | + | ===== Filter ===== |
+ | |||
+ | Now, we need a filter, because we are abusing fail2ban. fail2ban assumes you're going to be parsing a log file to find bad guys attacking you, but we already know who we want to block. So, we create a dummy and store it in filter.d/ | ||
+ | |||
+ | < | ||
+ | |||
+ | to our jail if we do. This is simpler. | ||
<file conf filter.d/ | <file conf filter.d/ | ||
Line 78: | Line 108: | ||
</ | </ | ||
- | Finally, add the following block to jail.local | + | ===== Modify jail.local ===== |
+ | |||
+ | jail.local (in the root of the fail2ban configuration directory) is the place to make local modifications. So, we need to add the following block to it. This basically defines a jail named // | ||
+ | |||
+ | The action is specifically defined to be blacklistip (ie, action.d/ | ||
<code conf> | <code conf> | ||
Line 85: | Line 119: | ||
action = blacklistip[name=blacklistip, | action = blacklistip[name=blacklistip, | ||
</ | </ | ||
+ | |||
+ | ===== Test it ===== | ||
+ | |||
+ | Restart fail2ban, then run the following command as root. | ||
+ | |||
+ | <code bash> | ||
+ | |||
+ | You should see a list of all the banned IP's, with an action of drop. And, when you stop fail2ban, it will clean them up also. | ||
+ | |||
+ | ===== Deficiencies ===== | ||
+ | |||
+ | Actually, this should be done on the router, since it will use some memory and processor on your server. Also, there is no way to dynamically add/remove IP's. You must modify the file, then restart fail2ban. | ||
+ | |||
+ | Using fail2ban-client, | ||
+ | B) append/ | ||
+ | but, I haven' | ||
+ | |||
+ | ===== Links ===== | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ |
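Review bot: The Deficiencies section says the list can only be changed by editing the file and restarting fail2ban, but it leaves out what that restart does to the blacklist itself. Per the action file comments elsewhere in this diff, actionstop "destroys the chain" and actionstart "creates a chain, then loads all the IP's into it", so every update removes all the drop rules before re-adding them. It would be worth stating that the listed addresses are briefly not blocked during a restart. In the Test it section, the text claims that stopping fail2ban "will clean them up also" but gives no step for confirming it; suggest telling the reader to rerun the same listing command after a stop and check that the entries are gone.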
software/fail2ban/blacklist.txt · Last modified: 2019/08/17 20:21 by rodolico