Wednesday, January 8 2020

Banning Repeat With Fail2ban

If you want to prevent brute-force attacks on the SSH service, Fail2Ban is a good choice. If you also want to ban attackers who have repeatedly been banned by Fail2Ban, luckily we can easily set up a "Repeat" service that bans them permanently.

nano /etc/fail2ban/jail.d/repeat.conf

[repeat]
enabled  = true
filter   = repeat
logpath  = /var/log/fail2ban.log
bantime  = 31536000   ; 1 year
findtime = 31536000   ; 1 year

nano /etc/fail2ban/filter.d/repeat.conf

[INCLUDES]
before = common.conf

[Definition]
_daemon = fail2ban\.actions\s*
_jailname = repeat
failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
ignoreregex =

[Init]
journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5

nano /etc/fail2ban/action.d/repeat.conf

[Definition]
actionban = if ! <iptables> -C f2b-<name> -s <ip> -j DROP; then <iptables> -I f2b-<name> 1 -s <ip> -j DROP; fi
            if ! grep -Fxq '<ip>,<name>' /etc/fail2ban/ip.blacklist; then echo '<ip>,<name>' >> /etc/fail2ban/ip.blacklist; fi
actionunban = # Do nothing because their IP is in the blocklist file


After creating these files, just restart the Fail2Ban service and that is all.
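To see which lines of /var/log/fail2ban.log the repeat filter counts, here is an added example (not part of the original post) that runs a simplified expansion of the failregex over a constructed log sample. Assumptions: only the second branch of the alternation is reproduced, `__pid_re` is written as `(?:\[\d+\])`, `<HOST>` is reduced to an IPv4 group, and the `maxretry` value is hypothetical because the jail above does not set one.

```python
import re
from collections import Counter

# Simplified expansion of the page's failregex (assumptions: only the second
# branch of the alternation, __pid_re as (?:\[\d+\]), <HOST> as an IPv4 group).
JAILNAME = "repeat"
FAILREGEX = re.compile(
    r"^ fail2ban\.actions\s*(?:\[\d+\])?:\s+NOTICE\s+"
    r"\[(?!" + re.escape(JAILNAME) + r"\])(?:.*)\]\s+Ban\s+"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)
# Fail2ban removes the timestamp before applying failregex; mimic that here.
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}")

# Constructed sample of /var/log/fail2ban.log (documentation IP ranges).
SAMPLE_LOG = """\
2020-01-06 03:11:09,412 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.7
2020-01-06 03:11:10,001 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2020-01-06 03:21:10,220 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.7
2020-01-06 09:40:55,730 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2020-01-07 14:02:31,118 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.23
2020-01-07 22:17:48,905 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2020-01-07 22:17:49,310 fail2ban.actions        [812]: NOTICE  [repeat] Ban 203.0.113.7
"""

def count_bans(log_text):
    """Return {ip: number of Ban lines the repeat filter would count}."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILREGEX.match(TIMESTAMP.sub("", line, count=1))
        if m:
            hits[m.group("host")] += 1
    return hits

def repeat_offenders(log_text, maxretry):
    """IPs whose ban count reaches maxretry (value is an assumption here)."""
    return sorted(ip for ip, n in count_bans(log_text).items() if n >= maxretry)

if __name__ == "__main__":
    print(dict(count_bans(SAMPLE_LOG)))
    print(repeat_offenders(SAMPLE_LOG, maxretry=3))
```

The Found and Unban lines are ignored, and the negative lookahead on the jail name keeps the repeat jail's own Ban line from counting toward the next ban.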


