Hello.

Yes. Port knocking logic is very close to what I need.
Right now I run a virtual-whitelist jail with actionban = ACCEPT
and failregex = good request.
So if a user makes a good request, the IP is added to the whitelist and
will not be rejected for the next bantime.
But:
The user is in fact added to 2 ipsets (whitelist and ban jail).
My whitelist is awfully big (because every good user is in it).
The f2b log has a lot of "already banned" lines (because the user is allowed
by the whitelist but can still send bad requests).

So I'm searching for something like IP reputation.

An IP's requests matched 2 times as fail and 5 times as good. Sum is +3. OK.
An IP's requests matched 10 times as fail and 0 times as good. Sum is -10. Ban.

Thu, 18 Aug 2022, 19:23 Philip Clarke <n...@bouncing.org>:

> Have you considered doing port knocking for your users? They point web
> browser to a location, it registers the request, that ip is given a pass
> for fail2ban or iptables. A simple listening script would suffice, either
> implementing an “Unban” if locked out or possibly some genius with iptables
> could skip the whole thing and code it in a one liner :)
>
> On 18 Aug 2022, at 10:33, Denis <d...@oxip.me> wrote:
>
> Hello.
>
> Unfortunately users have dynamic IPs and there are a lot of users. I can't
> manually add every one.
> On 16.08.2022 23:39, Roman Pikalo wrote:
>
> One of the options would be to use "ignoreip" in your jail configuration to
> ignore certain IPs or even subnets. Of course that means that you have that IP
> list.
>
> -----
> Roman
>
>
> On Mon, Aug 15, 2022 at 11:04 AM Denis <d...@oxip.me> wrote:
>
>> Hello.
>>
>> I configured f2b with a strict enough policy.
>>
>> Some normal users can get banned as false positives.
>>
>> Is it possible to skip banning if a user has good requests within findtime?
>> (not lines with ignoreregex, but adding to the IP's reputation)
>>
>> Or decrease the IP's bad count if it gets a good req? (goodregex?)
>>
>>
>>
>>
>>
>> _______________________________________________
>> Fail2ban-users mailing list
>> Fail2ban-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>
>
>
>
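
Added example (not part of the original messages, and not a fail2ban feature): a standalone Python script that computes the reputation score described in the latest message, +1 per good request and -1 per failed one, summed per IP over a sliding findtime window, with a ban decision at -10. The log format, the status codes counted as failures, `FINDTIME`, `BAN_SCORE` and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format, statuses and thresholds; none of these are fail2ban options.
LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<ip>\S+) "[^"]*" (?P<status>\d{3})$')
FINDTIME = timedelta(minutes=10)
BAN_SCORE = -10

def weight(status):
    """+1 for a good request, -1 for a failed one, 0 for anything else."""
    if status in (401, 403, 404):
        return -1
    return 1 if 200 <= status < 400 else 0

def score_log(lines, findtime=FINDTIME, ban_score=BAN_SCORE):
    """Return ({ip: score at its last event}, {ip: time the ban threshold was hit})."""
    window = defaultdict(deque)  # ip -> (timestamp, weight) events inside findtime
    score = defaultdict(int)
    banned = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines neither help nor hurt an IP
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        w = weight(int(m["status"]))
        if w == 0:
            continue
        q = window[ip]
        while q and ts - q[0][0] > findtime:  # forget events older than findtime
            score[ip] -= q.popleft()[1]
        q.append((ts, w))
        score[ip] += w
        if score[ip] <= ban_score:
            banned.setdefault(ip, ts)  # record only the first time the threshold is hit
    return dict(score), banned

def sample_log():
    """Constructed sample: three IPs from documentation address ranges."""
    t0 = datetime(2022, 8, 18, 12, 0, 0)
    def line(sec, ip, status):
        return f'{(t0 + timedelta(seconds=sec)).isoformat()} {ip} "GET /" {status}'
    out = [line(i, "198.51.100.7", 401 if i < 2 else 200) for i in range(7)]  # 2 fail, 5 good
    out += [line(10 + i, "203.0.113.9", 401) for i in range(10)]              # 10 fail, 0 good
    out += [line(100 + 120 * i, "192.0.2.5", 401) for i in range(10)]         # 10 fail, spread out
    return sorted(out)

if __name__ == "__main__":
    scores, banned = score_log(sample_log())
    print(scores, banned)
```

The third constructed IP sends the same ten failures as the second, but two minutes apart, so older failures age out of the window and its score never reaches the ban threshold.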