[Fail2ban] ban ip manually no ip table entry

To: debian-user@lists.debian.org
Subject: [Fail2ban] ban ip manually no ip table entry
From: basti <black.fledermaus@arcor.de>
Date: Fri, 22 Feb 2013 12:40:59 +0100
Message-id: <[🔎] 5127594B.4060209@arcor.de>

Hello,

I have found this patch(http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html)witch is implement in Fail2ban 0.8.6-3wheezy1.


But when I run the command like:

root@debian-test:~# fail2ban-client set ssh banip 1.2.3.4
1.2.3.4
root@debian-test:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

fail2ban-ssh tcp -- anywhere anywheremultiport dports ssh


Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  192.168.1.1          anywhere
RETURN     all  --  anywhere             anywhere
root@debian-test:~#

nothink is ban.

root@debian-test:~# tail -f /var/log/fail2ban.log
2013-02-22 12:31:21,535 fail2ban.jail   : INFO   Jail 'ssh' stopped
2013-02-22 12:31:21,541 fail2ban.server : INFO   Exiting Fail2ban

2013-02-22 12:31:22,002 fail2ban.server : INFO Changed logging targetto /var/log/fail2ban.log for Fail2ban v0.8.6

2013-02-22 12:31:22,004 fail2ban.jail   : INFO   Creating new jail 'ssh'
2013-02-22 12:31:22,008 fail2ban.jail   : INFO   Jail 'ssh' uses Gamin

2013-02-22 12:31:22,026 fail2ban.filter : INFO Added logfile =/var/log/auth.log

2013-02-22 12:31:22,027 fail2ban.filter : INFO   Set maxRetry = 2
2013-02-22 12:31:22,029 fail2ban.filter : INFO   Set findtime = 600
2013-02-22 12:31:22,029 fail2ban.actions: INFO   Set banTime = 600
2013-02-22 12:31:22,060 fail2ban.jail   : INFO   Jail 'ssh' started
^C
root@debian-test:~#

Sometimes it log

2013-02-22 12:20:56,987 fail2ban.comm : WARNING Invalid command:['set', 'ssh-iptables', 'banip', '1.2.3.4']but after a restart the fail2ban-client set ssh banip 1.2.3.4 commandrun without this log entry.



can anybody explain how the command works?

or how i can debug the fail2ban server? run /usr/bin/fail2ban-server -fonly "log" start and stop the server but says nothink about ban (runiptables command for example)


Background:

I have a IP list and would ban that IPs dynamical for a defined time(e.g. 1 week) similar to the ssh bans.

Reply to:

Prev by Date: RE: Open new session with same user (in GDM)
Next by Date: LXC status on Wheezy
Previous by thread: Re: use another /dev/tty0 as /dev/random
Next by thread: LXC status on Wheezy
Index(es):
- Date
- Thread