https://github.com/bcambl/fail2ban-blacklist
Saves banned IP's in flat file for later use & importing.
https://github.com/bcambl/fail2ban-blacklist
Last synced: 9 months ago
JSON representation
Saves banned IP's in flat file for later use & importing.
- Host: GitHub
- URL: https://github.com/bcambl/fail2ban-blacklist
- Owner: bcambl
- Created: 2014-01-19T22:58:19.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2015-07-09T06:29:20.000Z (almost 11 years ago)
- Last Synced: 2025-04-04T10:51:38.748Z (over 1 year ago)
- Language: Python
- Size: 164 KB
- Stars: 9
- Watchers: 1
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Persistent IP banning with Fail2ban
### Description
This project allows you to save all IP's that have been banned by fail2ban to a blacklist file via
some very basic python scripting.
Fail2ban will ban all ip's in the blacklist upon each restart. *(see: additional notes)*
### Installation
###### warning:
*If you have overridden actions.d/iptables.conf with a iptables.local file, Please review the iptables.local
file that is provided with this project and make the appropriate modifications to your version.*
After cloning this project:
````
cd fail2ban-blacklist
cp -r * /etc/fail2ban
````
Ensure blacklist.py and reban.py are executable:
```
chmod +x blacklist.py reban.py
```
Restart the fail2ban service: *(will vary base on your linux distribution)*
```
service fail2ban restart
```
### Usage
If the above installation instructions are followed, everything should work upon restarting fail2ban.
You can manually add IP's to the IP file:
```
/etc/fail2ban/blacklist.py
```
The above command will add the IP to the ip.blacklist file if it does not already exist.
Re-banning of IP's is disabled by default. Un-comment the line in actions.d/iptables.d to enable.
You may also execute the reban.py script manually:
```
/etc/fail2ban/reban.py
```
#### optional:
Edit ```report.py``` with your email address and configure a cronjob to run daily.
copy ```report.py``` to ```/etc/cron.daily```
This will email you all the banned IP's from the previous day with the associated country code.
### Dependencies
Tested with python 2.7.9 on CentOS 6.6
##### Additional notes:
- 1) If you are using the Fail2ban pyinotify functionality, Fail2ban will reban IP's when changes are
detected in secure.log. This may create duplicate iptables entries for some IP's if reban is enabled.