Re: fail2ban for apache2

To: debian-user@lists.debian.org
Subject: Re: fail2ban for apache2
From: mett <mett@pmars.jp>
Date: Sat, 09 Nov 2019 16:49:16 +0900
Message-id: <[🔎] 6190DF4E-53F6-4560-A084-069A10A624A7@pmars.jp>
In-reply-to: <[🔎] 201911090230.57430.gheskett@shentel.net>
References: <[🔎] 201911090230.57430.gheskett@shentel.net>

On 2019年11月9日 16:30:57 JST, Gene Heskett <gheskett@shentel.net> wrote:

I have a list of ipv4's I want fail2ban to block. But amongst the 
numerous subdirs for fail2ban, I cannot find one that looks suitable to 
put this list of addresses in so the are blocked forever.  Can someone 
more familiar with how fail2ban works give me a hand?  These are the 
ipv4 addresses of bingbot, semrush, yandex etc etc that are DDOSing me 
by repeatedly downloading my whole site and using up 100% of my upload 
bandwidth.

Thanks all.

Cheers, Gene Heskett

Hi,

In this case, better to use iptables
directly:

iptables -I INPUT 14 -s IP.ADD.RE.SS -j DROP

-where I is for "Insert"
-14 is the line nber of insertion
-where s is for "source"
-where j is for "jump to"
-also, u can check current table
with line-number by issuing:
iptables -L -nv --line-numbers

u can even script it for availability
across reboot;

by the way
depending debian version,
iptables might have been
replaced by nft.

hth!

Reply to:

Follow-Ups:
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>

References:
- fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>

Prev by Date: Re: fail2ban for apache2
Next by Date: Re: fail2ban for apache2
Previous by thread: Re: fail2ban for apache2
Next by thread: Re: fail2ban for apache2
Index(es):
- Date
- Thread