Control Web Panel

Security => CSF Firewall => Topic started by: iraqiboy90 on January 25, 2022, 06:56:42 PM

Title: Make Fail2ban puts its bans on CSF banlist
Post by: iraqiboy90 on January 25, 2022, 06:56:42 PM
Title says it all.

I want to see the banned IPs on CWP's firewall banlist.
If I tell fail2ban to use iptables, it will work in banning, but won't show it in the list. (I have to list iptables rules to see it)
If I tell fail2ban to use nftables, it will also work in banning, but won't show it in the list. (I have to use "nft list ruleset" to see it)
Title: Re: Make Fail2ban puts its bans on CSF banlist
Post by: Sandeep on January 27, 2022, 02:56:54 PM
csf also supports custom regex; you can do it in csf only and not use fail2ban.
Title: Re: Make Fail2ban puts its bans on CSF banlist
Post by: iraqiboy90 on January 27, 2022, 08:51:00 PM
Fail2ban is easier to use, by just quickly enabling the needed filters, which is why I went for it as an extra layer of protection.
I also found a way to make it use csf for the banning/unbanning action.

vim /etc/fail2ban/action.d/csf.conf
Content:
# fail2ban action config for csf deny / unblock IP
# /etc/fail2ban/action.d/csf.conf

[Definition]
actionstart =
actionstop =
actioncheck =

# It almost doesn't matter which of the actionban commands below you use,
# as Fail2ban will issue an unban when the bantime is over.

# to deny an IP and add to /etc/csf/csf.deny
# Permanent block according to CSF. Fail2ban will unblock when bantime is over.
# This is safer option if you have a mix of temp and permanent block filters.
actionban = csf -d <ip> Fail2Ban - <name>

# to "temporarily" deny an IP and add it to /var/lib/csf/csf.tempban
# If all of your filters are set to temp blocks, then use this instead.
#actionban = csf -td <ip> <bantime> -p <port> Fail2ban - <name>

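# to unblock an IP and remove it from /etc/csf/csf.deny
# (pairs with the "csf -d" actionban above)
actionunban = csf -dr <ip>

# to remove an IP from /var/lib/csf/csf.tempban
# (pairs with the "csf -td" actionban; use this instead if you enabled that one)
#actionunban = csf -tr <ip>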

[Init]
name = default
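
Added example, not part of the original thread: a shell check that lists IPs fail2ban reports as banned but that have no entry in csf.deny, which shows whether bans are really going through the csf action above. The jail name "sshd", the helper function names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list IPs that fail2ban reports as
# banned but that have no entry in csf.deny, i.e. bans that did not go
# through the csf action. Assumes "csf -d" style bans and jail name "sshd".

# IPs from `fail2ban-client status <jail>` output on stdin, one per line.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Address column of csf.deny on stdin ("IP # comment"; "#" starts a comment).
deny_ips() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d'
}

# $1 = saved fail2ban-client status output, $2 = csf.deny file.
# Prints each banned IP without an exact csf.deny entry (CIDR entries
# in csf.deny are not expanded).
missing_from_csf() {
    deny=$(deny_ips < "$2")
    banned_ips < "$1" | while read -r ip; do
        printf '%s\n' "$deny" | grep -qxF -- "$ip" || printf '%s\n' "$ip"
    done
}

# Constructed sample data so the check can be tried offline.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/status" <<'EOF'
Status for the jail: sshd
`- Actions
   |- Currently banned: 2
   `- Banned IP list:   192.0.2.10 198.51.100.7
EOF
    cat > "$tmp/deny" <<'EOF'
# constructed csf.deny sample
192.0.2.10 # Fail2Ban - sshd - Thu Jan 27 20:51:00 2022
EOF
    missing_from_csf "$tmp/status" "$tmp/deny"
    rm -rf "$tmp"
}

demo    # prints 198.51.100.7

# On a real server (as root):
#   fail2ban-client status sshd > /tmp/f2b-status.txt
#   missing_from_csf /tmp/f2b-status.txt /etc/csf/csf.deny
```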