Fail2Ban-Report/using-Fail2Ban-firewall-update.md
2025-07-30 14:46:04 +02:00

🔧 Using Fail2Ban Jail for firewall-update.sh (Experimental)

As of version 2, Fail2Ban-Report includes experimental support for managing bans via Fail2Ban directly instead of using ufw.
This feature is intended for advanced users who want deeper integration with Fail2Ban.
Use with caution. Existing setups will not be affected unless you explicitly switch to this method.


⚠️ Important Notes

  • This is an experimental feature and will change in future releases.
  • You need to rename the script manually and configure a custom Fail2Ban jail.
  • Make sure paths (e.g. blocklist.json) are consistent with your setup.
  • Do not use standard jails like sshd or apache-auth; use a dedicated jail only.

🛠️ Setup Instructions

  1. Replace the default script

    Rename the experimental script so it becomes active:

    mv /opt/Fail2Ban-Report/firewall-update.sh /opt/Fail2Ban-Report/firewall-update-ufw.sh
    mv /opt/Fail2Ban-Report/firewall-update-f2b.sh /opt/Fail2Ban-Report/firewall-update.sh
    

    Edit the script to match your environment:

    • Adjust the path to BLOCKLIST_JSON
    • Optionally enable logging by setting LOGGING=true
    • Make sure ownership/permissions are correct (e.g. www-data)
  2. Create a custom Fail2Ban jail

    Create a new jail file, for example:

    sudo nano /etc/fail2ban/jail.d/manualban.local
    

    Add the following contents:

    [manualban]
    enabled = true
    filter = none
    action = iptables-allports[name=manualban]
    banaction = iptables-allports
    findtime = 600
    bantime = 86400
    maxretry = 1
    
    • filter = none ensures that no log-based filtering is done.
    • This jail is managed exclusively by the script via fail2ban-client.
  3. Restart Fail2Ban

    sudo systemctl restart fail2ban
    

How It Works

  • The script reads the blocklist.json generated by Fail2Ban-Report.
  • Active IPs are added to the specified jail using fail2ban-client set JAIL banip.
  • Inactive IPs are removed using unbanip.
  • The JSON file is cleaned from inactive entries.
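
The sync logic described above, written out as an added Python example (it is not the project's firewall-update.sh, which is a shell script). It assumes blocklist.json is a list of objects with "ip" and "active" keys, a constructed shape used here for illustration; the DryRunner records the fail2ban-client calls instead of executing them.

```python
import ipaddress
import json
import subprocess
from pathlib import Path

JAIL = "manualban"  # the dedicated jail defined in manualban.local

# Constructed sample in the assumed blocklist.json shape: a list of {"ip", "active"} objects.
SAMPLE_ENTRIES = [
    {"ip": "203.0.113.5", "active": True},
    {"ip": "198.51.100.7", "active": False},
    {"ip": "not-an-ip", "active": True},
]

class DryRunner:
    """Stand-in for subprocess.run that records commands instead of executing them."""
    def __init__(self):
        self.calls = []
    def __call__(self, cmd, **kwargs):
        self.calls.append(cmd)
        return subprocess.CompletedProcess(cmd, 0)

def f2b(args, runner=subprocess.run):
    """Run `fail2ban-client <args>`; True on exit status 0."""
    result = runner(["fail2ban-client", *args], capture_output=True, text=True)
    return result.returncode == 0

def sync_jail(entries, jail=JAIL, runner=subprocess.run):
    """Ban active IPs, unban inactive ones; return (kept entries, banned, unbanned)."""
    kept, banned, unbanned = [], [], []
    for entry in entries:
        ip = entry.get("ip", "")
        try:
            ipaddress.ip_address(ip)  # never hand unvalidated strings to fail2ban-client
        except ValueError:
            continue
        if entry.get("active"):
            if f2b(["set", jail, "banip", ip], runner):
                banned.append(ip)
            kept.append(entry)  # active entries stay in the JSON
        elif f2b(["set", jail, "unbanip", ip], runner):
            unbanned.append(ip)  # inactive entries are dropped either way
    return kept, banned, unbanned

def update_from_file(path, jail=JAIL, runner=subprocess.run):
    """Sync the jail from blocklist.json and rewrite the file without inactive entries."""
    blocklist = Path(path)
    kept, banned, unbanned = sync_jail(json.loads(blocklist.read_text()), jail, runner)
    blocklist.write_text(json.dumps(kept, indent=2) + "\n")
    return banned, unbanned
```

Calling update_from_file("/opt/Fail2Ban-Report/blocklist.json") with the default runner performs the real fail2ban-client calls against the jail.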

🔁 Switching back to UFW-based firewall

If you want to revert to the original ufw integration:

mv /opt/Fail2Ban-Report/firewall-update.sh /opt/Fail2Ban-Report/firewall-update-f2b.sh
mv /opt/Fail2Ban-Report/firewall-update-ufw.sh /opt/Fail2Ban-Report/firewall-update.sh

Don't forget to update your cronjob accordingly.