> > > I have a list of IPv4s I want fail2ban to block.
> >
> > Not sure that fail2ban is the best tool for the job. Where you already
> > have a list of IPs that you want to block why not just directly create
> > the iptables rules?
>
> Just did that, got most of them but semrush apparently has fallback addys
> to use. But I'm no longer being DDoSed, which was the point. Thanks.
In case it wasn't already clear, what fail2ban does is parse a log file looking for repeated instances of an invalid login (or whatever). You have to tell it what to look for, and what to do about it. The typical use is with an ssh server, looking for rapid, repeated login failures. If enough failed logins occur from a single IP, then it adds a firewall rule to block that IP address. Hence "fail 2 ban", i.e. "fail -> ban".

If you already know the IP addresses/ranges that you want to block, you don't need fail2ban.

But once again, I really think you'd be better served by blocking this particular bot based on user-agent string, assuming it has an easily identifiable user-agent in your log files. That way, when it changes its IP address, it'll still be blocked.

I *know* I told you to look at your log files, and to turn on user-agent logging if necessary. I don't remember seeing you ever *post* your log files here, not even a single line from a single instance of this bot. Maybe I missed it.
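The two mechanisms the reply contrasts, as an added illustration that is not code from the thread or from fail2ban itself: a fail2ban-style count of failed ssh logins per IP inside a time window (fail2ban's maxretry/findtime idea), and a user-agent match over web-server access lines. All log lines, hosts, addresses and user-agent strings are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines; hosts, PIDs, times and IPs are made up (RFC 5737 ranges).
SSH_LOG = """\
Mar 10 12:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4000 ssh2
Mar 10 12:00:03 host sshd[102]: Failed password for root from 203.0.113.5 port 4001 ssh2
Mar 10 12:00:05 host sshd[103]: Failed password for root from 203.0.113.5 port 4002 ssh2
Mar 10 12:00:07 host sshd[104]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2
Mar 10 12:00:11 host sshd[105]: Failed password for root from 198.51.100.9 port 5001 ssh2
Mar 10 12:20:09 host sshd[106]: Failed password for root from 198.51.100.9 port 5002 ssh2
"""
# Constructed sample access-log lines (combined log format); user-agent strings are made up.
ACCESS_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl)"
198.51.100.7 - - [10/Mar/2024:12:00:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux) Firefox/120.0"
203.0.113.77 - - [10/Mar/2024:12:00:03 +0000] "GET /b HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl)"
"""

FAIL_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password .* from (?P<ip>\d+(?:\.\d+){3}) ")
ACCESS_RE = re.compile(r'^(?P<ip>\d+(?:\.\d+){3}) .* "(?P<ua>[^"]*)"$')

def ips_to_ban(log_text, maxretry=3, findtime=600, year=2024):
    """fail2ban-style rule: ban an IP with >= maxretry failures inside any findtime seconds."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            # syslog timestamps carry no year, so one is supplied (fail2ban infers it)
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["ip"]].append(ts)
    banned = set()
    for ip, times in hits.items():
        times.sort()
        # sliding window: count the failures that fall within findtime of each hit
        for i, start in enumerate(times):
            if sum(1 for t in times[i:] if (t - start).total_seconds() <= findtime) >= maxretry:
                banned.add(ip)
                break
    return banned

def ips_by_user_agent(log_text, ua_pattern):
    """IPs whose requests carry a user-agent matching ua_pattern: keys on the bot's
    self-declared identity rather than an address it can change."""
    ua_re = re.compile(ua_pattern, re.IGNORECASE)
    return {m["ip"] for m in map(ACCESS_RE.match, log_text.splitlines()) if m and ua_re.search(m["ua"])}
```

With the sample data, 203.0.113.5 trips the default threshold (three failures in four seconds) while 198.51.100.9 does not (two failures twenty minutes apart), and the user-agent match finds both addresses the bot used.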