I'm noticing that brute force password crackers are becoming more sophisticated, learning the rate at which their IPs get banned, and slowing their intrusion attempts so as to not be caught by fail2ban. I'd like a way to be able to manually add IPs to the banlist in Fail2Ban that will be un-banned in a specific time period (but perhaps longer than the usual time). Is there a manual command-line way to tell fail2ban to block a certain ip/range and then have it later un-ban it after a period of time? This is under CentOS7
Asked
Active
Viewed 2.7k times
1 Answers
16
There is a fail2ban client:
# fail2ban-client set <JAIL> banip <IP>
# fail2ban-client set <JAIL> unbanip <IP>
Example:
# fail2ban-client set example banip 10.10.1.1
10.10.1.1
# fail2ban-client status example
Status for the jail: example
|- Filter
| |- Currently failed: 0
| |- Total failed: 10
| `- File list: /var/log/example.log
`- Actions
|- Currently banned: 1
|- Total banned: 2
`- Banned IP list: 10.10.1.1
# fail2ban-client set example unbanip 10.10.1.1
10.10.1.1
# fail2ban-client status example
Status for the jail: example
|- Filter
| |- Currently failed: 0
| |- Total failed: 10
| `- File list: /var/log/example.log
`- Actions
|- Currently banned: 0
|- Total banned: 2
`- Banned IP list:
-
Is there a way to define a time period for an automatic unban, or do I have to manually unban the IP? – Trent Three Jun 19 '17 at 03:29
-
1It will be ban for the `bantime` set for your jail. – HTF Jun 19 '17 at 07:07
-
Can you give me an example of configuring the jail set time? Say for one week? – Trent Three Jun 20 '17 at 15:47
-
Does this appear the proper way to do this? Let's say I want a manual ban to last 12 days. I edit jail.local and add this: `# custom jails` `[manban]` `bantime = 1036800` `enabled=true` and then execute this command: fail2ban-client set manban 1.2.3.4 and this would ban that ip for 12 days? – Trent Three Jun 22 '17 at 22:47