[RFE]: Load ignore/whitelist IP address list from separate local configuration files instead of main configuration file to automatically update.

[Chathu07]

If the Fail2ban support load whitelist/ignores IP list from a separate configuration file, this can help to periodically update the ignore IP list using a cron job.

This is important because major search engines Google and Bing released the official bots' IP address range. Furthermore, some CDN services (Amazon AWS) periodically update the IP address list. As per their site, these IPs can be changed periodically. These services released the IP address list in JSON format for easy importing.

We can easily set up a bash script to import these IPs from their sites to our local machine configuration file. But with Fail2ban, it does not support importing a whitelist IP address list from a separate file.

I believe if the Fail2Ban can import (cron job to run periodically) these JSON files' IP addresses or load ignored IP lists from a separate local file, it would be a good option to prevent a fall positive ban. (instead of adding every IP to Fail2Ban main configure file).

Google bot IP: https://developers.google.com/search/apis/ipranges/googlebot.json
Bingbot IP list: https://www.bing.com/toolbox/bingbot.json
Amazon AWS IP list: https://ip-ranges.amazonaws.com/ip-ranges.json

[redbullpeter]

I'm dealing with a similar issue with whitelisting Cloudflare IP addresses.

[sebres]

Sorry for delay (it has fallen into oblivion)...

Well, such configuration possibility would not really provide advantage, because:

• the list is dynamic (if I understand correctly), so the jails using that need to be updated once some of that lists gets changed;
• it is not really necessary, since there are no advantages against ignorecommand

For similar issue see #2013 (comment) and below.

Thus I'll close this RFE now.