fail2ban – persistent banning
By default fail2ban bans an address for 10 minutes (bantime = 600). Setting bantime = -1 in the jail config makes the ban permanent, but only as long as the iptables rules exist: they live in the kernel, so a reboot loses all of them, and so does a restart of fail2ban, whose actionstop flushes and deletes the jail's chain. The fix is a few lines in the action config that record every banned IP in a file and reload that file into iptables each time the action starts.
The line added under actionstart reads the persistent.bans file and inserts every IP recorded for this jail into its iptables chain when the jail starts. It has to come after the existing actionstart lines that create the fail2ban-<name> chain, or there is nothing to insert into.
actionban gets one extra line that appends the newly banned IP to persistent.bans.
Pretty neat stuff. The lines are reproduced below the screenshot as text so you can copy and paste them; don't forget to restart fail2ban after adding them.
My persistent bans file has 2628 banned IPs in it after just 6 months. Just a homelab, people, why??

Under actionstart, after the existing lines that create the fail2ban-<name> chain, add:

awk '$1 == "fail2ban-<name>" {print $2}' /etc/fail2ban/persistent.bans 2>/dev/null | sort -u | while read IP; do iptables -I fail2ban-<name> 1 -s "$IP" -j <blocktype>; done

Under actionban, add:

echo "fail2ban-<name> <ip>" >> /etc/fail2ban/persistent.bans

The awk pattern matches the chain name exactly rather than as a prefix, so jails whose names share a prefix (sshd and sshd-ddos, say) do not load each other's entries, sort -u stops an IP that was banned several times from being inserted several times, and 2>/dev/null keeps the first start from complaining before the file exists.
The file to edit here is /etc/fail2ban/action.d/iptables-multiport.conf (or whichever action file your jail uses). Package upgrades overwrite the .conf files, so the change survives updates better if you copy the complete actionstart and actionban definitions into /etc/fail2ban/action.d/iptables-multiport.local, which fail2ban reads on top of the .conf. Two caveats: unbanning an address with fail2ban-client does not remove it from persistent.bans, so it comes back at the next restart unless you delete the line by hand, and fail2ban 0.9 and later keep their own ban database and restore bans that have not expired on restart, which covers much of the same ground on a current install.
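As an added example, not part of the post or of fail2ban itself, here are the two steps above as POSIX shell functions. The function names (persistent_ban_*), the BANFILE and IPTABLES variables, the temporary stub iptables and the sample addresses (RFC 5737 documentation ranges) are all constructed for illustration; the file path default is the one the post uses. Because the iptables binary is a parameter, the load and record logic can be run and checked on a machine where you would not want to touch the real firewall.

```sh
#!/bin/sh
# Added example, not the blog's own config: the actionstart/actionban logic as
# POSIX shell functions. BANFILE and IPTABLES are parameters so the functions
# can be exercised against a temporary file and a stub iptables; the defaults
# below mirror the post and are otherwise assumptions.
set -eu

BANFILE="${BANFILE:-/etc/fail2ban/persistent.bans}"
IPTABLES="${IPTABLES:-iptables}"

# IPs recorded for one jail chain. Exact match on the first column instead of a
# /^fail2ban-<name>/ prefix regexp, so jail "sshd" does not also pull in
# "sshd-ddos"; sort -u drops duplicate entries so they are not inserted twice.
persistent_ban_list() {
    _chain="$1"
    [ -f "$BANFILE" ] || return 0
    awk -v chain="$_chain" '$1 == chain && NF >= 2 { print $2 }' "$BANFILE" | sort -u
}

# actionstart equivalent: re-insert every recorded IP at the top of the chain.
# Run only after the chain exists (the stock actionstart creates it first).
persistent_ban_load() {
    _chain="$1"; _blocktype="$2"
    for _ip in $(persistent_ban_list "$_chain"); do
        "$IPTABLES" -I "$_chain" 1 -s "$_ip" -j "$_blocktype"
    done
}

# actionban equivalent: append "<chain> <ip>" unless that exact line exists.
persistent_ban_record() {
    _chain="$1"; _ip="$2"
    if [ -f "$BANFILE" ] && grep -qxF "$_chain $_ip" "$BANFILE"; then
        return 0
    fi
    printf '%s %s\n' "$_chain" "$_ip" >> "$BANFILE"
}

# Demo on constructed data: a ban file with a duplicate entry and an entry for a
# different jail, plus a stub iptables that only logs the rules it would add.
# Prints the logged rules, one per line.
persistent_ban_demo() {
    _tmp=$(mktemp -d)
    BANFILE="$_tmp/persistent.bans"
    IPTABLES="$_tmp/iptables"
    printf '#!/bin/sh\necho "$*" >> "%s/rules.log"\n' "$_tmp" > "$IPTABLES"
    chmod +x "$IPTABLES"
    printf '%s\n' 'fail2ban-sshd 203.0.113.10' \
                  'fail2ban-sshd 203.0.113.10' \
                  'fail2ban-sshd-ddos 198.51.100.7' \
                  'fail2ban-sshd 203.0.113.11' > "$BANFILE"
    persistent_ban_record fail2ban-sshd 203.0.113.12
    persistent_ban_record fail2ban-sshd 203.0.113.12   # already there, no-op
    persistent_ban_load fail2ban-sshd DROP
    cat "$_tmp/rules.log"
    rm -rf "$_tmp"
}

if [ "${1:-}" = demo ]; then
    persistent_ban_demo
fi
```

Running the script with the argument demo prints three rules, one each for 203.0.113.10, .11 and .12: the duplicate line is collapsed, the second record call is a no-op, and the sshd-ddos entry is left alone because the chain column has to match exactly.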
I created this threat feed from my persistent ban setup on my homelab: https://tfeed.somejoe.com
I simply use a cronjob that takes the persistent bans file and parses it a couple of ways; it refreshes every 10 minutes. I'm planning to post this config in detail soon.