fail2ban patch: ban IP address manually

fail2ban bans the IP addresses of attackers that it gathers from service logs (Apache, postfix, etc.). It has a command-line utility to start and stop fail2ban, get status reports, and so on. But it didn’t have a command to manually add a banned IP for a certain jail. This patch adds that functionality. I’ve sent it to Cyril today (Apr 10, 2009), but I’m posting it here because I never got a response from Cyril on other matters, so I’m not sure if he’s getting my messages :)

Example usage:

fail2ban-client set ssh-iptables banip 4.5.6.7

Hope it’s useful for you!
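
An added example, not part of the patch or of fail2ban itself: a small wrapper around the `banip` command shown above that checks the jail name and the address, and refuses to ban allowlisted addresses, before it calls fail2ban-client. The names F2B_CLIENT, SAFE_IPS, valid_ipv4 and manual_ban, and the jail-name character set, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the patch): guarded wrapper for manual bans.
# F2B_CLIENT, SAFE_IPS, valid_ipv4 and manual_ban are names assumed here.
F2B_CLIENT="${F2B_CLIENT:-fail2ban-client}"
SAFE_IPS="${SAFE_IPS:-127.0.0.1}"   # space-separated addresses never to ban

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Leading zeros are ambiguous (some parsers read them as octal).
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# manual_ban JAIL IP: returns 2 on malformed input, 3 on an allowlisted IP,
# otherwise the exit status of the fail2ban-client call.
manual_ban() {
    jail=$1; ip=$2
    case "$jail" in
        # Conservative jail-name character set, an assumption of this example.
        ''|*[!A-Za-z0-9_-]*) echo "bad jail name: $jail" >&2; return 2 ;;
    esac
    valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    for safe in $SAFE_IPS; do
        if [ "$ip" = "$safe" ]; then
            echo "refusing to ban allowlisted address $ip" >&2; return 3
        fi
    done
    "$F2B_CLIENT" set "$jail" banip "$ip"
}

# Run as: manual-ban.sh ssh-iptables 4.5.6.7
if [ "$#" -eq 2 ]; then manual_ban "$1" "$2"; fi
```

Put your own management addresses in SAFE_IPS so that a typo cannot lock you out of the host.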


Comments

It would be also useful to link to the fail2ban website: http://www.fail2ban.org :)

I have installed this patch and get the following error -

$ sudo fail2ban-client set ssh-iptables banip 1.2.3.4
Invalid command (no set action or not yet implemented)

Can you please suggest where I have gone wrong?
Thanks in advance, Kenneth.

Yes… it doesn’t work… Something missing?

> fail2ban-client set postfix banip 72.51.206.24

[LOG] Feb 13 14:12:18 XXX fail2ban.comm : WARNING Invalid command: ['set', 'postfix', 'banip', '72.51.206.24']

Been trying to see what’s going wrong, but it seems that the command is not recognized as a “set” command and triggers the exception in ‘transmitter.py’ in:

    def proceed(self, command):

    =>  except Exception, e:
            logSys.warn("Invalid command: " + `command`)

And the exception is raised because we couldn’t successfully pass this block:

    def __commandHandler(self, command):
        [...]
        elif command[0] == "set":
            return self.__commandSet(command[1:])
        elif command[0] == "get":
            return self.__commandGet(command[1:])
        elif command[0] == "status":
            return self.status(command[1:])
        raise Exception("Invalid command")

…Help!

I installed fail2ban from the Fedora 12 repository (fail2ban-0.8.4-24.fc12.noarch.rpm), and the banip command fails in a different way:

# fail2ban-client set ssh-iptables banip 1.2.3.4
global name ‘time’ is not defined
#

Me too sale ob : global name ‘time’ is not defined

An “unbanip” command would be nice too:

fail2ban-client set ssh-iptables unbanip 1.2.3.4

You need to restart fail2ban, that should fix the invalid command error.

Also, in server/filter.py you need to import time to fix the global not defined error.

Change “import logging, re” to “import logging, re, time”.

Hi

I’m trying to get fail2ban to work. First of all, I can’t use --dports in iptables, because it says that it can’t find the chain. Oh well, I can deal with that and use a single port. The problem is with banning an IP by hand. I fixed that problem with time. Unfortunately, all I get is an echo with the IP. iptables -L shows that there are no rules in the fail2ban chain. If I add that IP with iptables -I everything is fine. So, how do I know that fail2ban is working as it should? And, is there an easier way to test filters?
