fail2ban patch: ban IP address manually

fail2ban bans IP address of attackers it gathers from service logs (Apache, postfix, etc). It has a command line utility to start/stop fail2ban, plus getting status reports, etc. But it didn’t have a command to manually add a banned IP for a certain jail. This patch adds that functionality. I’ve sent it to Cyril today (Apr 10, 2009), but I’m posting it here cause I never got a response from Cyril on other matters, so I’m not sure if he’s getting my messages šŸ™‚

Example usage:

fail2ban-client set ssh-iptables banip 4.5.6.7

Hope it’s useful for you!

Acerca de Buanzo

Io que se!
Esta entrada fue publicada en General. Guarda el enlace permanente.

9 respuestas a fail2ban patch: ban IP address manually

  1. Juan dijo:

    It would be also useful to link to the fail2ban website: http://www.fail2ban.org šŸ™‚

  2. I have installed this patch and get the following error –

    $ sudo fail2ban-client set ssh-iptables banip 1.2.3.4
    Invalid command (no set action or not yet implemented)

    Can you please sugest where I have gone wrong.
    Thank in advance, Kenneth.

  3. Julien dijo:

    Yes… it doesn’t work… Something missing?

    > fail2ban-client set postfix banip 72.51.206.24

    [LOG] Feb 13 14:12:18 XXX fail2ban.comm : WARNING Invalid command: [‘set’, ‘postfix’, ‘banip’, ‘72.51.206.24’]

  4. Julien dijo:

    Been trying to see what’s going wrong but it seems that the command is not recognized as a Ā«setĀ» command and trigger the exception in ‘transmitter.py’ in :

    def proceed(self, command):

    => except Exception, e:
    logSys.warn(Ā«Invalid command: Ā» + `command`)

    And the exception is raised because we couldn’t pass successfully this bloc:

    def __commandHandler(self, command):
    […]
    elif command[0] == Ā«setĀ»:
    return self.__commandSet(command[1:])
    elif command[0] == Ā«getĀ»:
    return self.__commandGet(command[1:])
    elif command[0] == Ā«statusĀ»:
    return self.status(command[1:])
    raise Exception(Ā«Invalid commandĀ»)

    …Help!

  5. Pfudd dijo:

    I installed fail2ban from the Fedora 12 repository (fail2ban-0.8.4-24.fc12.noarch.rpm), and the banip command fails in a different way:

    # fail2ban-client set ssh-iptables banip 1.2.3.4
    global name ‘time’ is not defined
    #

  6. joua06 dijo:

    Me too sale ob : global name ?time? is not defined

  7. Steffen dijo:

    An Ā«unbanipĀ» command would be nice too:

    fail2ban-client set ssh-iptables unbanip 1.2.3.4

  8. John (System6Hosting) dijo:

    You need to restart fail2ban, that should fix the invalid command error.

    Also, in server/filter.py you need to import time to fix the global not defined error.

    Change Ā«import logging, reĀ» to Ā«import logging, re, timeĀ».

  9. januzi dijo:

    Hi

    I’m trying to get fail2ban to work. First of all, I can’t use –dports in iptables, because it says that it can’t find chain. Oh well, I can deal with that and use single port. The problem is with banning ip by hand. I fixed that problem with time. Unfortunately, all I get is echo with ip. Iptables -L shows that there are no rules in fail2ban chain. If I add that ip with iptables -I everything is fine. So, how do I know that fail2ban is working as it should? And, is there an easier way to test filters ?

Los comentarios estƔn cerrados.