In that case you can use sed -i.bak to replace the global ignoreip in
jail.local with all the desired IP addresses, something along the lines of:
(while read IP; do IPs=$IPs" $IP"; done;) < /etc/fail2ban/whitelist.txt; sed
-i.bak "s/ignoreip=.*/ignoreip=$IPs/" /etc/fail2ban/jail.local
(untested)
Yassine.
On Thursday, March 29, 2018, 1:59:52 PM GMT+2, Jaydeep Zala
<jaydeep.z...@ecosmob.com> wrote:
Hello Yassine,
above script not work for mine scenario, while surfing google I find that It
may be working with the use of customized action.
I'd created /etc/fail2ban/action.d/ssh_ignore.conf which looks like
-------------------------------------
[Definition]
actionstart =
actionstop =
actioncheck = /etc/fail2ban/test.txt = <ip>
actionban = fail2ban-client set sshd addignoreip <ip>
actionunban = fail2ban-client set sshd delignoreip <ip>
[Init]
name = default
chain = INPUT
--------------------------------------
but actioncheck condition unban all IP's, I want to Whitelist only IP's which
are mentioned in my test.txt file,
did you find any clue which may only allow IP's are mention in test.txt file,
Now I've to create scenario or condition which fulfill my requirement. can you
Please suggest me some condition for actioncheck ???
thanks & regards,
Jaydeep
On Thu, Mar 29, 2018 at 5:00 PM, chaouche yacine <yacinechaou...@yahoo.com>
wrote:
There's a fail2ban-client set unabnip <IP> command but you also need to provide
the JAIL in which it was banned, so it gets a little complicated, so for each
IP you should issue this command for all the jails you have. For example :
root@messagerie[10.10.10.19] ~ # fail2ban-client set ssh unbanip 49.80.42.240
ERROR NOK: ('IP 49.80.42.240 is not banned',)
IP 49.80.42.240 is not banned
root@messagerie[10.10.10.19] ~ #
root@messagerie[10.10.10.19] ~ # fail2ban-client set postfix-sasl unbanip
49.80.42.240
49.80.42.240
root@messagerie[10.10.10.19] ~ #
The IP was banned in postfix-sasl but not in ssh.
You can probably go from there :
(while read IP; do for jail in ssh postfix-sasl dovecot roundcube-auth (...);
do fail2ban-client set "$jail" unabnip "$IP"; done; done) <
/etc/fail2ban/test.txt.
I haven't tested it but you get the idea.
Yassine.
On Thursday, March 29, 2018, 12:15:14 PM GMT+1, Jaydeep Zala
<jaydeep.z...@ecosmob.com> wrote:
Hello Yassine,
I'd create MySQL query mysql -uuser -ppassword -Ddatabase -s -N -e 'SELECT
GROUP_CONCAT(fw_ip) FROM (fail2ban_whitelist);' > /etc/fail2ban/test.txt
This query in crontab thus it will continue updating the test.txt file
in test.txt I have a list of My Ip's which comes from my database and I've to
whitelist all the IP's which are in my database.
I tried lot's of stuff but I didn't get success to whitelist my IP's.
Can you Please guide me how can I do this or any alternative to this?
thanks & regards,
Jaydeep
On Thu, Mar 29, 2018 at 4:32 PM, chaouche yacine via Fail2ban-users
<fail2ban-users@lists. sourceforge.net> wrote:
Hello Jaydeep,
I was wondering what you mean by dynamically ? can you give a scenario or use
case ?
Yassine
On Thursday, March 29, 2018, 11:01:49 AM GMT+1, Jaydeep Zala
<jaydeep.z...@ecosmob.com> wrote:
Hello guys,
How can I whitelist my IP's dynamically, means from SQL query..?
anyone have an idea about this?
--
Thanks & RegardsJaydeep Zala
------------------------------ ------------------------------ ------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot______
______________________________ ___________
Fail2ban-users mailing list
Fail2ban-users@lists. sourceforge.net
https://lists.sourceforge.net/ lists/listinfo/fail2ban-users
------------------------------ ------------------------------ ------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
______________________________ _________________
Fail2ban-users mailing list
Fail2ban-users@lists. sourceforge.net
https://lists.sourceforge.net/ lists/listinfo/fail2ban-users
--
Thanks & RegardsJaydeep Zala
Ecosmob Technologies Pvt. Ltd.
https://www.ecosmob.com
--
Thanks & RegardsJaydeep Zala
Ecosmob Technologies Pvt. Ltd.
https://www.ecosmob.com
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
