Does fail2ban store banned IPs in db? Is there a way to monitor banned ips for jails in ISPConfig webgui?
You can view the banned IPs for a jail with Code: fail2ban-client status JAILNAME Replace JAILNAME with the correct jailname.
Yes I know that, but this is not very convenient on multiserver setup. Nevertheless for dovecot i get Status for the jail: dovecot |- Filter | |- Currently failed: 0 | |- Total failed: 14 | `- File list: /var/log/mail.log `- Actions |- Currently banned: 0 |- Total banned: 1 `- Banned IP list: What is this ban for?
It is currently not possible through the GUI as we can't monitor all jails that might be in use. It shows you currently no one is banned, one IP once was. It was banned because, well, it had too many failed login attempts.
now it make sense. Thanks. It would be a nice feature though to add a tool to monitor bans as well as to manually remove/add jail bans
This is hard to do as the monitoring is updated with a cronjob, and it's hard to say which jails to monitor.
You could have the slave server list jails (fail2ban-client does that) and loop through active jails to get the status and return what is reported to the master server. To unban an ip would work in the other direction, creating an event for the slave server with the jail name and ip to unban. You could create a feature request for it, though my guess is it wouldn't be very high priority. And I'm not sure how practical, as generally when I'm looking into mail issues and determine fail2ban is at play, I'm already logged in the mail server anyways, so heading over to the ispconfig interface to create a task which will be run one minute later would just be a nuisance on a number of levels. If mail users are regularly tripping the dovecot jail when you are helping them set up a new mailbox (so you are in the ui, not logged into the mail server), you probably need to relax the limits in that jail.
