On 08/16/2018 09:52 AM, john doe wrote:
On 8/16/2018 1:45 PM, cyaiplexys wrote:
On 08/16/2018 02:36 AM, john doe wrote:
On 8/16/2018 3:29 AM, cyaiplexys wrote:
I have a list of IP addresses I want to ban and I put them in
/etc/fail2ban/action.d/iptables-multiport.conf as so:
cat /etc/fail2ban/ip.blacklist.perm | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done
(that was supposed to be all on one line, of course)
So, I have read that when you do things this way, you MUST restart
fail2ban (sudo service fail2ban restart).
Is there a better way to do this? I have a cron job that gathers IP
addresses that get more than 1,000 hits from the apache log file and
that gets put in the ip.blacklist.perm file.
I know *nothing* about fail2ban. I just read of this technique via
Google. But when using Google, I can't find another way to do this
that doesn't require a restart of the service.
Any ideas on other ways to do this?
I would use ipset.
Googling "fail2ban ipset" gives some interesting stuff.
Thank you for the magic search term. :) I tried it and found at least
3 articles I bookmarked for reading.
To query the status and start/stop/restart the service fail2ban,
beginning with Debian 8 you would use 'systemd':
$ systemctl status/start/restart/stop fail2ban
Also increasing log verbosity when setting up fail2ban might not hurt.
https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04
The problem is, I want to update things *without* having to restart the
fail2ban service every time I make a change. (I already know now how to
start/stop/restart).
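A sketch of the ipset approach suggested above, added here as an example and not code from the thread: one iptables rule matches against an ipset, and the cron job only reloads the set, so fail2ban is never restarted. Assumed names are the set "blacklist_perm" and the blacklist path from the original post, one IPv4 address or CIDR per line.

```shell
#!/bin/sh
# Added example, not from the thread: keep the permanent blacklist in an
# ipset that one iptables rule consults, so the cron job only reloads the
# set and never has to restart fail2ban.
# Assumed names: set "blacklist_perm"; list file as in the original post,
# one IPv4 address or CIDR per line, '#' comments allowed.
SET_NAME="blacklist_perm"
BLACKLIST="${BLACKLIST:-/etc/fail2ban/ip.blacklist.perm}"

# Turn the blacklist on stdin into `ipset restore` input. Entries go into a
# scratch set that is then swapped with the live set, so the live set is
# replaced atomically and never sits empty. Comments, blank lines and lines
# that are not dotted-quad IPv4 (optionally /prefix) are dropped; ipset
# itself still rejects octets over 255 and aborts the restore, leaving the
# live set untouched.
build_restore_script() {
    set_name="$1"
    tmp_set="${set_name}_tmp"
    printf 'flush %s\n' "$tmp_set"
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
      | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
      | LC_ALL=C sort -u \
      | while read -r ip; do
            printf 'add %s %s\n' "$tmp_set" "$ip"
        done
    printf 'swap %s %s\n' "$tmp_set" "$set_name"
    printf 'destroy %s\n' "$tmp_set"
}

# One-time setup: create the live set and a single DROP rule that matches
# against it. Idempotent, so it is safe to run from a boot script.
install_rule() {
    ipset create "$SET_NAME" hash:net family inet -exist
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null \
      || iptables -I INPUT 1 -m set --match-set "$SET_NAME" src -j DROP
}

# What the cron job calls after rewriting the blacklist file.
reload_blacklist() {
    ipset create "$SET_NAME" hash:net family inet -exist
    ipset create "${SET_NAME}_tmp" hash:net family inet -exist
    build_restore_script "$SET_NAME" < "$BLACKLIST" | ipset restore
}

# Only act when invoked with an explicit verb; sourcing the file does nothing.
case "${1:-}" in
    install) install_rule ;;
    reload)  reload_blacklist ;;
esac
```

Run `install` once (as root) and `reload` from the cron job; the generated restore input can be inspected with `build_restore_script blacklist_perm < /etc/fail2ban/ip.blacklist.perm` before anything is applied.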