
Re: Fail2Ban Question: Can I do this without restarting the service?



On 08/16/2018 02:36 AM, john doe wrote:
On 8/16/2018 3:29 AM, cyaiplexys wrote:
I have a list of IP addresses I want to ban and I put them in /etc/fail2ban/action.d/iptables-multiport.conf as so:

cat /etc/fail2ban/ip.blacklist.perm | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done

(that was supposed to be all on one line, of course)

So, I have read that when you do things this way, you MUST restart fail2ban (sudo service fail2ban restart).

Is there a better way to do this? I have a cron job that gathers IP addresses that get more than 1,000 hits from the apache log file and that gets put in the ip.blacklist.perm file.

I know *nothing* about fail2ban. I just read of this technique via Google. But when using Google, I can't find another way to do this that doesn't require a restart of the service.

Any ideas on other ways to do this?


I would use ipset.
Googling "fail2ban ipset" gives some interesting stuff.


Thank you for the magic search term. :) I tried it and found at least 3 articles I bookmarked for reading.
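
The ipset approach suggested in this thread, as an added example that is not part of the original messages: it loads /etc/fail2ban/ip.blacklist.perm into a kernel set that a single iptables rule matches, so the list can be refreshed from cron without restarting fail2ban. The set name blacklist_perm, the INPUT chain, an IPv4-only list and the function names are assumptions.

```shell
#!/bin/sh
# Assumed names: SET_NAME is hypothetical; LIST is the file named in the thread.
SET_NAME="${SET_NAME:-blacklist_perm}"
LIST="${LIST:-/etc/fail2ban/ip.blacklist.perm}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print "ipset restore" commands that fill a temporary set and swap it into
# place, so the live set is replaced in one step. Comments, blank lines and
# anything that is not a plain IPv4 address are skipped, never passed on.
gen_restore() {
    printf 'create %s hash:ip family inet\n' "$SET_NAME"
    printf 'create %s_tmp hash:ip family inet\n' "$SET_NAME"
    printf 'flush %s_tmp\n' "$SET_NAME"
    while read -r ip _ || [ -n "$ip" ]; do
        if is_ipv4 "$ip"; then printf 'add %s_tmp %s\n' "$SET_NAME" "$ip"; fi
    done < "$1"
    printf 'swap %s_tmp %s\n' "$SET_NAME" "$SET_NAME"
    printf 'destroy %s_tmp\n' "$SET_NAME"
}

# Load the list and make sure exactly one DROP rule references the set.
# Needs root plus the ipset and iptables tools; -exist tolerates duplicates.
apply_blacklist() {
    gen_restore "$LIST" | ipset -exist restore || return 1
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT 1 -m set --match-set "$SET_NAME" src -j DROP
}

# "--print" shows what would be loaded; "--apply" loads it.
case "${1:-}" in
    --print) gen_restore "$LIST" ;;
    --apply) apply_blacklist ;;
esac
```

Run with --print first to review the generated commands, then call it with --apply from the cron job that rebuilds the list.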

