
A previous article described how to install Fail2Ban. Now, on a regular basis, you'll need to reboot your operating system to finish installing (security) updates. Without extra measures, previously banned IP addresses are lost on every restart. To make a ban permanent you'll first need to create a new file:

sudo touch /etc/fail2ban/ip.blacklist

Edit the file /etc/fail2ban/action.d/iptables-multiport.conf, search for actionban and add the second line. Keep the added line indented: Fail2Ban treats an indented line as a continuation of the value above it.

actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
            echo <ip> >> /etc/fail2ban/ip.blacklist

Now search for actionstart and add the fourth line:

actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              sort -u /etc/fail2ban/ip.blacklist | while read -r IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done

Restart your service: sudo service fail2ban restart

Now you'll notice that IPs are being banned, and that ip.blacklist is being filled with these IP addresses as well. When the Fail2Ban service is restarted, or your system is rebooted, it will re-import all the IPs listed in ip.blacklist.
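The reload step above, as an added example that is not part of the original article: a POSIX shell script that replays ip.blacklist into the jail chain, dropping blank, commented or malformed lines before they reach the iptables command line, and skipping addresses that already have a rule so repeated restarts do not stack duplicates. It assumes the chain name (e.g. fail2ban-ssh) is passed as an argument and that IPTABLES can be pointed at a wrapper for testing; both are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): replay ip.blacklist into a
# Fail2Ban jail chain. Assumptions: the chain name is passed as the first
# argument; IPTABLES may be pointed at a wrapper instead of the real binary.

IPTABLES="${IPTABLES:-iptables}"

# Print the unique, well-formed IPv4 addresses in a blacklist file, one per
# line. Blank lines, comments and anything that is not a bare dotted quad
# are dropped, so a garbled entry never becomes an iptables argument.
valid_ips() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' "$1" 2>/dev/null \
        | awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' \
        | sort -u
}

# Ensure a DROP rule exists at the top of the chain for every listed address.
# "iptables -C" tests whether an identical rule is already present, so running
# this on every restart does not insert the same rule twice. Prints the
# number of addresses covered.
restore_bans() {
    chain="$1"; file="$2"; count=0
    for ip in $(valid_ips "$file"); do
        if ! $IPTABLES -C "$chain" -s "$ip" -j DROP 2>/dev/null; then
            $IPTABLES -I "$chain" 1 -s "$ip" -j DROP || return 1
        fi
        count=$((count + 1))
    done
    echo "$count"
}

# Example call, e.g. from actionstart:
#   restore_bans "fail2ban-<name>" /etc/fail2ban/ip.blacklist
```

Note that Fail2Ban 0.9 and later keep bans in their own SQLite database and restore them on restart by themselves, so this approach is mainly needed on older versions.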