Hi All Server setup The Perfect Server - Debian 8.4 Jessie updates to 8.11 Is there away to permanently ban an IP, the following IP is constantly trying to connect 2018-07-04 16:50:16,129 fail2ban.actions[4041]: WARNING [postfix-sasl] Unban 181.214.206.116 2018-07-04 16:51:52,246 fail2ban.actions[4041]: WARNING [postfix-sasl] Ban 181.214.206.116 Or is there any software I can install to Ban Ip's Cheers Scorp
Hi Scorp, I think what you're looking for is the recidive filter in fail2ban. Here is the config that's in the default jail.conf file in my Debian 9 install. Code: [recidive] logpath = /var/log/fail2ban.log banaction = %(banaction_allports)s bantime = 604800 ; 1 week findtime = 86400 ; 1 day But that's not enabled by default. Here is what I use in my jail.local file to enable it and set it like I want. Code: [recidive] enabled = true maxretry=3 action = iptables-allports[name=recidive] With all of that in place if an IP trips 3 filters of any combination in a 24 hour period they will be banned for a week. Cheers, rootetsy
recidive is a nice solution for that, though you might check your fail2ban log and make sure you don't see any legitimate clients that are getting blocked regularly, or they'll go from a shorter duration they may have just put up with to a week-long block.
