Over the last few days I noticed in my logwatch e-mails that one IP address kept trying to log in to my server, even though it was blocked regularly by fail2ban.
Here’s a post that explains how to simply add a list of IP addresses to block permanently. There’s only one catch: the listing provided there contains an error. The word <name> is missing from the iptables command, probably because the angle-bracketed token was stripped during HTML conversion. This is the correct line to be inserted into the actionstart section of /etc/fail2ban/action.d/iptables-multiport.conf:
cat /etc/fail2ban/ip.blacklist | while read IP; do iptables -I fail2ban-<name> 1 -s "$IP" -j DROP; done
Use the following command to check if the IP address is indeed banned:
$ sudo iptables -L fail2ban-ssh
Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  192.168.20.25        anywhere
RETURN     all  --  anywhere             anywhere
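The actionstart line above hands every line of ip.blacklist straight to iptables, so a stray comment, blank line or typo in that file makes the action fail when the jail starts. As an added example (not from the original post or from fail2ban itself), the script below reads a blacklist in the same format, validates each entry as an IPv4 address or CIDR range, skips and reports anything else, and prints the resulting iptables commands for a chain name given as an argument; the sample blacklist it writes is constructed for the demo and the chain name fail2ban-ssh is only an assumption.

```sh
#!/bin/sh
# Added example: validate a fail2ban permanent blacklist before it reaches
# iptables. Not part of the original post; chain name and sample entries are
# constructed for the demonstration.

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /prefix.
valid_ipv4_cidr() {
    entry=$1
    case "$entry" in
        ""|*[!0-9./]*) return 1 ;;   # only digits, dots and one slash allowed
    esac
    addr=${entry%%/*}
    if [ "$addr" = "$entry" ]; then
        prefix=32                    # plain host address
    else
        prefix=${entry#*/}
        case "$prefix" in
            ""|*/*|*[!0-9]*) return 1 ;;
        esac
        [ "$prefix" -le 32 ] || return 1
    fi
    case "$addr" in
        ""|.*|*.|*..*) return 1 ;;   # reject empty or malformed octet lists
    esac
    # Split on dots and check for exactly four octets in 0-255.
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ""|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one "iptables -I <chain> 1 -s <entry> -j DROP" command per valid
# blacklist entry. Comments (#) and blank lines are ignored; invalid entries
# are reported on stderr and skipped instead of aborting the whole run.
blacklist_rules() {
    chain=$1
    file=$2
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                               # drop trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')    # drop whitespace
        [ -n "$line" ] || continue
        if valid_ipv4_cidr "$line"; then
            printf 'iptables -I %s 1 -s %s -j DROP\n' "$chain" "$line"
        else
            printf 'skipping invalid blacklist entry: %s\n' "$line" >&2
        fi
    done < "$file"
}

# Write a constructed sample blacklist (demo data, not a real block list).
write_sample_blacklist() {
    cat > "$1" <<'EOF'
# constructed sample blacklist for the demo
192.168.20.25
10.0.0.0/8        # a whole range
203.0.113.7
999.1.1.1         # invalid octet, will be skipped
2001:db8::1       # IPv6 is not handled by this IPv4 checker, skipped
EOF
}

# Stand-alone demo: generate the rules for the hypothetical fail2ban-ssh chain.
tmp=$(mktemp)
write_sample_blacklist "$tmp"
blacklist_rules fail2ban-ssh "$tmp"
rm -f "$tmp"
```

The generated commands use `-I <chain> 1`, so the DROP rules land at the top of the chain ahead of fail2ban's own RETURN rule, which is why they take effect; piping the output to `sh` applies them, and the same validation loop can replace the one-liner in actionstart if you want the jail to keep starting even when the blacklist contains a bad line.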