Permanently Ban an IP

Discussion in 'General' started by scorpious, Jul 4, 2018.

  1. scorpious

    scorpious Member

    Hi All
    Server setup The Perfect Server - Debian 8.4 Jessie updates to 8.11
    Is there away to permanently ban an IP, the following IP is constantly trying to connect
    2018-07-04 16:50:16,129 fail2ban.actions[4041]: WARNING [postfix-sasl] Unban 181.214.206.116
    2018-07-04 16:51:52,246 fail2ban.actions[4041]: WARNING [postfix-sasl] Ban 181.214.206.116
    Or is there any software I can install to Ban Ip's

    Cheers
    Scorp
     
    scorpious, Jul 4, 2018
    #1
  2. RootEtsy

    RootEtsy New Member

    Hi Scorp,
    I think what you're looking for is the recidive filter in fail2ban. Here is the config that's in the default jail.conf file in my Debian 9 install.
    Code:
    [recidive]
logpath  = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime  = 604800  ; 1 week
findtime = 86400   ; 1 day
    But that's not enabled by default. Here is what I use in my jail.local file to enable it and set it like I want.
    Code:
    [recidive]
enabled = true
maxretry=3
action = iptables-allports[name=recidive]
    With all of that in place if an IP trips 3 filters of any combination in a 24 hour period they will be banned for a week. :)

    Cheers,
    rootetsy
     
    RootEtsy, Jul 4, 2018
    #2
    Jesse Norell likes this.
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    recidive is a nice solution for that, though you might check your fail2ban log and make sure you don't see any legitimate clients that are getting blocked regularly, or they'll go from a shorter duration they may have just put up with to a week-long block.
     
    Jesse Norell, Jul 5, 2018
    #3

Share This Page