[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fail2Ban Question: Can I do this without restarting the service?

On 08/16/2018 09:52 AM, john doe wrote:
On 8/16/2018 1:45 PM, cyaiplexys wrote:
On 08/16/2018 02:36 AM, john doe wrote:
On 8/16/2018 3:29 AM, cyaiplexys wrote:
I have a list of IP addresses I want to ban and I put them in /etc/fail2ban/action.d/iptables-multiport.conf as so:

cat /etc/fail2ban/ip.blacklist.perm | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done

(that was supposed to be all on one line, of course)

So, I have read that when you do things this way, you MUST restart fail2ban (sudo service fail2ban restart).

Is there a better way to do this? I have a cron job that gathers IP addresses that get more than 1,000 hits from the apache log file and that gets put in the ip.blacklist.perm file.

I know *nothing* about fail2ban. I just read of this technique via Google. But when using Google, I can't find another way to do this that doesn't require a restart of the service.

Any ideas on other ways to do this?

I would use ipset.
Googling "fail2ban ipset" gives some interesting stuff.

Thank you for the magic search term. :) I tried it and found at least 3 articles I bookmarked for reading.

To query the status and start/stop/restart the service fail2ban, beginning with Debian 8 you would use 'systemd':
$ systemctl status/start/restart/stop fail2ban

Also increasing log verbosity when setting up fail2ban might not hurt.


The problem is, I want to update things *without* having to restart the fail2ban service for ever time I make a change. (I already know now to start/stop/restart).

Reply to: