On 2019-11-04 03:32, Bernardo Reino wrote:
> You can create a custom action like:
> $ cat /etc/fail2ban/action.d/local_action.conf
> [Definition]
> actionban = /usr/local/sbin/fail2ban_action.sh add <ip>
> actionunban = /usr/local/sbin/fail2ban_action.sh delete <ip>
> actioncheck =
> actionstart =
> actionstop =
>
> [Init]
> $
>
> (exactly as is, the "<ip>" will then be replaced by fail2ban with the IP
> to be blocked/unblocked).
>
> Then in /usr/local/sbin/fail2ban_action.sh you write whatever you need to
> add or delete an IP from the filter.
>
> In my case it is:
>
> $ cat /usr/local/sbin/fail2ban_action.sh
> #!/bin/sh
>
> # nftables, set = fail2ban
> nft $1 element inet filter fail2ban { $2 } 2>&1
>
> exit 0
> $
>
> If the firewall were remote instead of local, I would just change the
> nft invocation to "ssh firewall nft ..."
>
> Once set, you only need to adapt your /etc/fail2ban/jail.local to use
>
> --
> banaction = local_action
> --
> (or whatever name you choose for the action .conf file)
>
> and of course, if not done already, enable the [sasl] module, like:
>
> --
> [sasl]
> enabled = true
> port = smtp,smtps,submission
> filter = postfix-sasl
> logpath = /var/log/mail.log
> --
>
> Hope that helps!
> Good luck.
>

Thanks for the mini-howto, Bernardo! I'll give it another try.

--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
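
A stricter variant of the fail2ban_action.sh wrapper quoted above, as an added example that is not part of the original thread: it accepts only `add`/`delete` and a dotted-quad IPv4 address before calling nft, which matters most for the "ssh firewall nft ..." variant, where a remote shell re-parses the arguments. The `NFT` override variable, the `SET_NAME` variable, the function names and the IPv4-only handling are assumptions made for this example.

```shell
#!/bin/sh
# Added example: validating variant of /usr/local/sbin/fail2ban_action.sh.
# Assumptions: IPv4-only set; NFT can be overridden (e.g. "ssh firewall nft").
NFT="${NFT:-nft}"
SET_NAME="fail2ban"   # nftables set name used in the post

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
# The body runs in a subshell so the IFS change cannot leak to the caller.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    IFS=.
    set -- $1                                  # split on dots (no glob chars left)
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
)

# f2b_action ACTION IP: validate both arguments, then update the set.
f2b_action() {
    case "$1" in
        add|delete) ;;
        *) echo "fail2ban_action: rejected action '$1'" >&2; return 2 ;;
    esac
    if ! is_ipv4 "$2"; then
        echo "fail2ban_action: rejected address '$2'" >&2
        return 3
    fi
    # $NFT is intentionally unquoted so it may hold a command plus arguments.
    $NFT "$1" element inet filter "$SET_NAME" "{ $2 }"
}

# Run as a script when fail2ban passes "add <ip>" or "delete <ip>".
if [ "$#" -gt 0 ]; then
    f2b_action "$@"
    exit $?
fi
```

Unlike the quoted script, which always exits 0, this one returns a non-zero status on rejected input, so fail2ban logs the failed action.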