From: <am...@ba...> - 2013-12-13 08:47:17
|
Hi On Sun, Dec 08, 2013 at 08:06:12PM -0500, Roman Gelfand wrote: > I have noticed that when bouncing fail2ban, the bans are cleared. Is > there a way to persist them? You could report to badips.com, see here: http://www.badips.com/snippets Then you can receive the reported IPs back and include it in your firewall e.g. like this: wget http://www.badips.com/get/list/ssh/3 see http://www.badips.com/apidoc for detauls. This would give you all IPs reported to badips.com. If you want to receive only the ones you reported, get yourself a key: wget http://www.badips.com/get/key then change the url for receiving IPs to this: wget http://www.badips.com/get/list/ssh/3?key=<your key> You can even syncronize all your servers blocklist by giving them the same key: http://www.badips.com/blog/personalized-statistics-track-the-attackers-of-all-your-servers-with-one-key To integrate it into your firewall, consider using the ipset format: wget http://www.badips.com/get/list/ssh/3?key=<your key>&format=ipset > Also, does fail2ban have a utility to clear unban a specific ban? This feature was requested in the badips.com forum lately and will be implemented in badips.com soon (but unrelated to fail2ban). R, Amy |