Charles,
For #2 you can easily manually add the 17,000 IPs to ipset using
the command "ipset add {set-name} IP_address". It would be trivial
to create a script to do it, or put your list of IPs into Excel,
create a text field with "ipset add {set-name} " then join
I would be interested in the script you use to place the IPs into the
ipsets if you feel like sharing.
--
Jeremy Baker
GnuPGP fingerprint =
EE66 AC49 E008 E09A 7A2A 0195 50EF 580B EDBB 95B6
On 02/12/2016 09:13 AM, Nick Howitt wrote:
> Charles,
>
> For #2 you can easily manually
Hi,
Maybe an interesting side note: fail2ban is built to quickly ban *and*
unban problematic IP addresses. The whole nature of fail2ban is (IMHO)
in the fact that it automatically unbans IP addresses after a while.
However, you state that you have
Hi,
Please don't reply off-list. See comments below.
On 12-02-16 17:17, Charles Bradshaw wrote:
> Hi Tom
>
> Humm.. yes we agree that storing vast numbers of bans in fail2ban
> is the wrong approach. Duplicate data always is.
>
> I'm unfamiliar
My script has some heritage from one found on the ipset site and
heavily hacked. I also broke down the one I saw into different bits.
In /etc/cron.daily:
#!/bin/sh
#
# Update emerging fwrules ipset
#
# * checks online for newer fwrev
# *
Hi Nick,
Below is a verbatim copy
of /var/fail2ban/action.d//iptables-ipset-proto4.conf
it is dated Aug 1 2015 and was installed from the CentOS repo. Observe
the note in the actionstop clause. There is a similar file for IPv6. The
jail evoking it is below that.
~ o ~
# Fail2Ban configuration
Is there a way to get fail2ban to recognise and use a newly created log file in
a newly created virtual server without restarting fail2ban?
In response to Charles:
For #2, after you empty actionunban, write a script to iterate thru your ipset
and for each IP issue:
fail2ban-client set unbanip
now fail2ban forgets about them and since actionunban is empty they're still in
the ipset. No duplicate data.
For #3, some admins don't
Or easier for #2:
[1:root@elmo dns]$ cat /etc/redhat-release
Fedora release 22 (Twenty Two)
[1:root@elmo dns]$ ls /var/lib/fail2ban/
fail2ban.sqlite3
Rename that puppy.
Bill
On 2/12/2016 6:15 PM, Bill Shirley wrote:
> In response to Charles:
> For #2, after you empty actionunban, write a script