make manual ban effective immediately #53

Closed
Kapsonfire opened this Issue May 16, 2012 · 6 comments

2 participants

@Kapsonfire

I try to add rules for manual ban, so first I added a new jail in /etc/jail.local:

[blocklist]
enabled  =  true
port     =  all
filter   =  none
logpath  =  /etc/fail2ban/empty.log
maxretry =  1
bantime  =  3600
action   =  %(action_)s

fail2ban-client status seems fine

|- Number of jail:      8
`- Jail list:           blocklist, proftpd, ssh-ddos, apache-overflows, ssh, dovecot, apache, sasl

So here's my filter:

[Definition]

failregex =



ignoreregex =

Here's the output:

server1:/etc/fail2ban/filter.d# fail2ban-client set blocklist banip "22.22.22.22"
22.22.22.22

Result in iptables seems empty:

Chain fail2ban-blocklist (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Any idea?

@yarikoptic
Fail2Ban member

Have you seen #50?

@Kapsonfire

yeah already did it... no effect
I try to make a workaround now to write in the emptylog with regex
echo $(date +"%Y/%m/%d %H:%M:%S") "A-IP" >> empty.log
somehow it ends with blocking the IP 0.0.0.20
doesn't matter what IP I add in the log

@Kapsonfire

ok now correcting... it works after 1 minute... somehow...
but what's the failure about the 0.0.0.20 block?

@yarikoptic
Fail2Ban member

So ATM it requires the log file the jail monitors to get modified to trigger an action... otherwise manual ban is working. I have retitled the issue and postponed it for milestone 0.9.0

@yarikoptic
Fail2Ban member

I think this one was addressed by 2d672d1

@yarikoptic yarikoptic closed this Nov 6, 2012
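
Added example, not part of the original thread and not Fail2Ban's own code: in the first post `fail2ban-client set blocklist banip` echoes the IP back while the `fail2ban-blocklist` chain stays empty with 0 references, so the echo alone does not confirm a ban. The shell function below checks an `iptables -n -L` listing for the rule; the names `ban_in_chain` and `check_jail_ban`, the exit codes and the second sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# ban_in_chain IP  (reads an `iptables -n -L <chain>` listing on stdin)
# Exit status (hypothetical convention for this example):
#   0 = DROP/REJECT rule for IP present and the chain is referenced
#   1 = no rule for IP in the listing
#   2 = rule present, but the chain has 0 references (nothing jumps to it)
ban_in_chain() {
    awk -v ip="$1" '
        /^Chain / {
            # Header looks like: Chain fail2ban-blocklist (0 references)
            refs = $3; sub(/^\(/, "", refs); refs += 0
        }
        # Columns: target prot opt source destination
        ($1 == "DROP" || $1 == "REJECT") && $4 == ip { found = 1 }
        END {
            if (!found) exit 1
            if (refs == 0) exit 2
            exit 0
        }'
}

# Listing quoted in the issue: the client echoed the IP, yet no rule exists.
sample_empty() {
    cat <<'EOF'
Chain fail2ban-blocklist (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
EOF
}

# Constructed listing (not from the issue): a ban that did reach the chain.
sample_banned() {
    cat <<'EOF'
Chain fail2ban-blocklist (1 references)
target     prot opt source               destination
DROP       all  --  22.22.22.22          0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Live use (needs root): check_jail_ban blocklist 22.22.22.22
# The chain name fail2ban-<jail> follows the listing shown in the issue.
check_jail_ban() { iptables -n -L "fail2ban-$1" | ban_in_chain "$2"; }

sample_empty  | ban_in_chain 22.22.22.22 || echo "22.22.22.22 not banned (status $?)"
sample_banned | ban_in_chain 22.22.22.22 && echo "22.22.22.22 banned"
```

Use `-n` on the live listing so the source column shows addresses rather than resolved host names.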