Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make manual ban effective immediately #53

Closed
Kapsonfire opened this issue May 16, 2012 · 6 comments
Closed

make manual ban effective immediately #53

Kapsonfire opened this issue May 16, 2012 · 6 comments
Milestone
0.9.0

Comments

@Kapsonfire
Copy link

I try to add rules for manual ban, so first i added a new jail in /etc/jail.local

[blocklist]
enabled  =  true
port     =  all
filter   =  none
logpath  =  /etc/fail2ban/empty.log
maxretry =  1
bantime  =  3600
action   =  %(action_)s

fail2ban-client status seems fine

|- Number of jail:      8
`- Jail list:           blocklist, proftpd, ssh-ddos, apache-overflows, ssh, dovecot, apache, sasl

So heres my filter:

[Definition]

failregex =



ignoreregex =

Here's the output:

server1:/etc/fail2ban/filter.d# fail2ban-client set blocklist banip "22.22.22.22"
22.22.22.22

Result in iptables seems empty:

Chain fail2ban-blocklist (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Any idea?
@yarikoptic
Copy link
Member

have you seen #50 ?

@Kapsonfire
Copy link
Author

yeah allready did it... no effect
i try to make a workaround now to write in the emptylog with regex
echo date +"%Y/%m/%d %H:%M:%S" "A-IP" >> empty.log
somehow it ends with blocking the ip 0.0.0.20
doesn't matter what IP i add in the Log

@Kapsonfire
Copy link
Author

ok now correcting... it works after 1 minute... somehow...
but whats the failure about the 0.0.0.20 block=

@yarikoptic
Copy link
Member

yes -- may be it is due to the backend you are using (which is ...?) or
necessity for a log file to be touched to trigger action as reported in
#45
?

On Wed, 16 May 2012, Kapsonfire wrote:

ok now correcting... it works after 1 minute... somehow...
but whats the failure about the 0.0.0.20 block=

Reply to this email directly or view it on GitHub:
#53 (comment)

Yaroslav O. Halchenko
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik

@yarikoptic
Copy link
Member

so ATM it requires the log file jail monitors to get modified to trigger an action... otherwise manual ban is working. I have retitled the issue and postponed it for milestone 0.9.0

@yarikoptic yarikoptic mentioned this issue Aug 1, 2012
Closed
@yarikoptic yarikoptic mentioned this issue Nov 6, 2012
Closed
@yarikoptic
Copy link
Member

I think this one was addressed by 2d672d1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.9.0
Development

No branches or pull requests
2 participants
@yarikoptic @Kapsonfire