I'm trying to set up what I'm calling an auto whitelist. Basically, I
have multiple users behind a NAT. If there's a successful authentication
from an IP, I want to add that IP to the ignore list so that it can't be
banned. This will prevent a situation where I have 30 users from the
same public IP logging into email, and one of them enters their password
incorrectly a couple of times, and then all 30 users are banned.
This is all working well. However, after implementing this, fail2ban now
hangs when trying to stop the service. Systemd eventually times it out
and kills the service and all is well, but now it takes 90 seconds
(without some sort of manual intervention) to stop/restart the service.
Here's what I've changed in the config:
/etc/fail2ban/jail.d/asterisk-whitelist.conf

[asterisk-whitelist]
enabled = true
port = 5060,5061,5038
logpath = /var/log/asterisk/full
action = ignoreip[name=asterisk]
maxretry = 1
bantime = 2592000

/etc/fail2ban/actions.d/ignoreip.conf

[Definition]
actionstart =
actionstop =
# "ban" adds the IP to the named jail's ignore list; "unban" removes it again
actionban = fail2ban-client set <name> addignoreip <ip>
actionunban = fail2ban-client set <name> delignoreip <ip>

[Init]
name = default
chain = INPUT

/etc/fail2ban/filter.d/asterisk-whitelist.conf

[INCLUDES]
before = common.conf

[Definition]
_daemon = asterisk
__pid_re = (?:\s*\[\d+\])
iso8601 = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}
# Asterisk log prefix (level, optional pid and channel id, source file:line)
log_prefix= (?:NOTICE|SECURITY|WARNING|VERBOSE)%(__pid_re)s:?(?:\[C-[\da-f]*\])? [^:]+:\d*(?:(?: in)? \w+:)?
prefregex = ^%(__prefix_line)s%(log_prefix)s <F-CONTENT>.+</F-CONTENT>$
failregex = ^.*Contact .*\/sip[s]?:.*@<HOST>.* is now Reachable.*
ignoreregex =
This all functions the way I want it to, except...
When I attempt to stop or restart the service, what I see is the
fail2ban-client process trying to remove previously-ignored IPs during
the shutdown process, but it's hung. If I kill this process, then the
service stops. Or, if I leave it be, then systemd will time it out in 90
seconds. My guess is that the server service has stopped, so
fail2ban-client has nothing with which to communicate.
Any thoughts on how to resolve this?
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
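One way to keep an unban from blocking the stop, as an added example rather than anything from the original post or the fail2ban project: a wrapper the ignoreip action could call in place of fail2ban-client, so the call fails fast instead of waiting for systemd's kill. It assumes coreutils timeout(1) is available, that the server socket is at /var/run/fail2ban/fail2ban.sock, and (hypothetically) that the script is installed as /usr/local/sbin/safe_delignoreip.sh.

```shell
#!/bin/sh
# Added example, not from the original post: bounded replacement for
# "fail2ban-client set <name> delignoreip <ip>" in actionunban.
# Assumptions: coreutils `timeout` exists; the socket path below is the
# default and may differ on other installs.
FAIL2BAN_SOCK="${FAIL2BAN_SOCK:-/var/run/fail2ban/fail2ban.sock}"
FAIL2BAN_CLIENT="${FAIL2BAN_CLIENT:-fail2ban-client}"
CLIENT_TIMEOUT="${CLIENT_TIMEOUT:-5}"

# server_alive: true when the server's Unix socket exists. A cheap first
# check only; a socket can still be present while the server is mid-stop,
# so the timeout below is what actually guarantees the action finishes.
server_alive() {
    [ -S "$FAIL2BAN_SOCK" ]
}

# safe_delignoreip JAIL IP
# return 0: IP removed, or server already gone (its in-memory ignore list
#           goes with it, so there is nothing left to undo)
# return 1: client blocked for CLIENT_TIMEOUT seconds and was killed
# return 2: client returned an error of its own
safe_delignoreip() {
    jail="$1"
    ip="$2"
    if ! server_alive; then
        echo "no fail2ban socket at $FAIL2BAN_SOCK; skipping delignoreip $ip" >&2
        return 0
    fi
    timeout "$CLIENT_TIMEOUT" "$FAIL2BAN_CLIENT" set "$jail" delignoreip "$ip"
    rc=$?
    if [ "$rc" -eq 124 ]; then   # 124 is timeout(1)'s "time limit expired"
        echo "fail2ban-client hung >${CLIENT_TIMEOUT}s removing $ip; giving up" >&2
        return 1
    fi
    [ "$rc" -eq 0 ] && return 0
    return 2
}

# When run as a script with "<name> <ip>" arguments, act on them.
if [ "$#" -eq 2 ]; then
    safe_delignoreip "$@"
fi
```

With that install path, actionunban in ignoreip.conf becomes `/usr/local/sbin/safe_delignoreip.sh <name> <ip>`; the timeout, not the socket test, is what bounds the stop time, since the post does not establish whether the socket is still present while the client hangs.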