Hey,

I am trying to "abuse" fail2ban to block domains by adding them to a fake IP 
record in `/etc/hosts` to prevent the local resolver from providing the 
appropriate IPs (e.g. `192.0.2.1 fqdn.example.com`).

I have set the filtering rules and set the jail configuration; however, 
`usedns=yes/no` is causing me a bit of a problem, since when I tried using 
`usedns=no`, all FQDN matches (`<HOST>`/`<DNS>`) are skipped.

If I try with `fail2ban-regex` and use `raw` or `usedns=no`, everything works 
as it is supposed to; however, when running it in server mode, it skips the log 
line or reports a warning that the domain does not have a valid IP (which is 
either true or the PTR does not match).

Any ideas how to achieve blocking domains using fail2ban? Is there a way 
to pass the actual HOST (FQDN) match to actionban?

cheers,
---
Jernej

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
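
The hosts-file sinkhole described in the message above, as an added example that is not part of the original post or of fail2ban itself: shell helpers that a ban/unban command could call with a matched name. The function names `valid_fqdn`, `ban_domain` and `unban_domain` are hypothetical, the hosts file path is passed in as an argument, and the example does not address how the name reaches the action under `usedns`.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
SINK_IP="192.0.2.1"   # sinkhole address used in the post (TEST-NET-1)

# The name is taken from a log line, so it is attacker-influenced.
# Reject anything that is not a plain FQDN before it reaches the hosts file;
# otherwise a crafted name could smuggle in extra hosts entries.
valid_fqdn() {
    [ -n "$1" ] && [ "${#1}" -le 253 ] || return 1
    # Any character outside the hostname alphabet (space, newline, ...) fails.
    case $1 in *[!A-Za-z0-9.-]*) return 1 ;; esac
    # Labels of 1-63 chars, no leading/trailing hyphen, alphabetic final label
    # (deliberately strict: bare IPs and single labels are refused).
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# usage: ban_domain HOSTS_FILE FQDN   (returns 2 on an invalid name)
ban_domain() {
    valid_fqdn "$2" || return 2
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    # Idempotent: repeated bans must not pile up duplicate lines.
    grep -qxF "$SINK_IP $name" "$1" 2>/dev/null && return 0
    printf '%s %s\n' "$SINK_IP" "$name" >> "$1"
}

# usage: unban_domain HOSTS_FILE FQDN
unban_domain() {
    valid_fqdn "$2" || return 2
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    tmp=$(mktemp) || return 1
    # Drop only the exact sinkhole line; every other entry is kept.
    grep -vxF "$SINK_IP $name" "$1" > "$tmp" || true
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$1"
    rm -f "$tmp"
}
```

Run it against a scratch copy of the hosts file first; only the exact `192.0.2.1 name` lines it wrote are ever removed.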
