Greetings Baptiste et al.


See excerpt from my iptables-multiport.conf file
on my own, small private server:

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j RETURN
              <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
              cat /etc/fail2ban/persistent.bans | gawk '/^f2b-<name>/ {print $2}' \
              | while read IP; do <iptables> -I f2b-<name> 1 -s $IP -j DROP; done
              /etc/fail2ban/iptables.save > /etc/fail2ban/iptables.saved

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop = /etc/fail2ban/iptables.save > /etc/fail2ban/iptables.saved
             <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
             <iptables> -F f2b-<name>
             <iptables> -X f2b-<name>


The above always e-mails a similar message:


Quote

Hi,

The IP 209.141.54.186 has just been banned by Fail2Ban after
1 attempts against apache-access-recidive.


Here is more information about 209.141.54.186 :


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at:https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
#https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2021, American Registry for Internet Numbers, Ltd.
#


NetRange:       209.141.32.0 - 209.141.63.255
CIDR:           209.141.32.0/19
NetName:        PONYNET-04
NetHandle:      NET-209-141-32-0-1
Parent:         NET209 (NET-209-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS53667
Organization:   FranTech Solutions (SYNDI-5)
RegDate:        2011-01-27
Updated:        2012-03-25
Ref:https://rdap.arin.net/registry/ip/209.141.32.0



OrgName:        FranTech Solutions
OrgId:          SYNDI-5
Address:        1621 Central Ave
City:           Cheyenne
StateProv:      WY
PostalCode:     82001
Country:        US
RegDate:        2010-07-21
Updated:        2017-01-28
Ref:https://rdap.arin.net/registry/entity/SYNDI-5


OrgTechHandle: FDI19-ARIN
OrgTechName:   Dias, Francisco
OrgTechPhone:  +1-778-977-8246
OrgTechEmail:ad...@frantech.ca
OrgTechRef:https://rdap.arin.net/registry/entity/FDI19-ARIN

OrgAbuseHandle: FDI19-ARIN
OrgAbuseName:   Dias, Francisco
OrgAbusePhone:  +1-778-977-8246
OrgAbuseEmail:ad...@frantech.ca
OrgAbuseRef:https://rdap.arin.net/registry/entity/FDI19-ARIN



Regards,

Fail2Ban

Unquote


I believe this is what you're looking for.



Best regards.
Tom


On 2021-10-18 12:40, Baptiste via Fail2ban-users wrote:
Hello folks,

I searched through the wiki but could not find a list of action variables.
When configuring an action you can pass a variable, e.g. here:
action = log[logpath="%(logpath)s"]
=> would pass logpath to the log action
Specifically, I am looking for a variable that would output the whole banned request, and not just the IP. Using grep on logpath by IP is not ideal either since a lot of lines might be concerned by that specific IP.

Thanks for your help.




_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
