[Fail2ban] ban ip manually no ip table entry

Fri, 22 Feb 2013 12:13:54 -0800 

Hello,
I have found this patch (http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html) witch is implement in Fail2ban 0.8.6-3wheezy1. 

But when I run the command like:

root@debian-test:~# fail2ban-client set ssh banip 1.2.3.4
1.2.3.4
root@debian-test:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

fail2ban-ssh  tcp  --  anywhere             anywhere             
multiport dports ssh


Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  192.168.1.1          anywhere
RETURN     all  --  anywhere             anywhere
root@debian-test:~#

nothink is ban.

root@debian-test:~# tail -f /var/log/fail2ban.log
2013-02-22 12:31:21,535 fail2ban.jail   : INFO   Jail 'ssh' stopped
2013-02-22 12:31:21,541 fail2ban.server : INFO   Exiting Fail2ban

2013-02-22 12:31:22,002 fail2ban.server : INFO   Changed logging target 
to /var/log/fail2ban.log for Fail2ban v0.8.6

2013-02-22 12:31:22,004 fail2ban.jail   : INFO   Creating new jail 'ssh'
2013-02-22 12:31:22,008 fail2ban.jail   : INFO   Jail 'ssh' uses Gamin

2013-02-22 12:31:22,026 fail2ban.filter : INFO   Added logfile = 
/var/log/auth.log

2013-02-22 12:31:22,027 fail2ban.filter : INFO   Set maxRetry = 2
2013-02-22 12:31:22,029 fail2ban.filter : INFO   Set findtime = 600
2013-02-22 12:31:22,029 fail2ban.actions: INFO   Set banTime = 600
2013-02-22 12:31:22,060 fail2ban.jail   : INFO   Jail 'ssh' started
^C
root@debian-test:~#

Sometimes it log

2013-02-22 12:20:56,987 fail2ban.comm   : WARNING Invalid command: 
['set', 'ssh-iptables', 'banip', '1.2.3.4']
but after a restart the fail2ban-client set ssh banip 1.2.3.4 command 
run without this log entry.



can anybody explain how the command works?

or how i can debug the fail2ban server? run  /usr/bin/fail2ban-server -f 
only "log" start and stop the server but says nothink about ban (run 
iptables command for example)


Background:

I have a IP list and would ban that IPs dynamical for a defined time 
(e.g. 1 week) similar to the ssh bans.



--

To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/5127594b.4060...@arcor.de















    











					Reply via email to