On 11/9/2019 8:30 AM, Gene Heskett wrote: > I have a list of ipv4's I want fail2ban to block. But amongst the > numerous subdirs for fail2ban, I cannot find one that looks suitable to > put this list of addresses in so the are blocked forever. Can someone > more familiar with how fail2ban works give me a hand? These are the > ipv4 addresses of bingbot, semrush, yandex etc etc that are DDOSing me > by repeatedly downloading my whole site and using up 100% of my upload > bandwidth. > > Thanks all. > > Cheers, Gene Heskett >
Rather then to use fail2ban for this, I would create un ipset that fail2ban can populate then use that ipset in iptables. One advantage of this is that you can add/delete ip from the ipset without having to restart fail2ban/iptables. -- John Doe