Author Topic: Make Fail2ban puts its bans on CSF banlist  (Read 3362 times)

Make Fail2ban puts its bans on CSF banlist
« on: January 25, 2022, 06:56:42 PM »
Title says it all.

I want to see the banned IPs on CWP's firewall banlist.
If I tell fail2ban to use iptables, it will work in banning, but won't show it in the list. (I have to list iptables rules to see it)
If I tell fail2ban to use nftables, it will also work in banning, but won't show it in the list. (I have to use "nft list ruleset" to see it)

Re: Make Fail2ban puts its bans on CSF banlist
« Reply #1 on: January 27, 2022, 02:56:54 PM »
csf also supports custom regex; you can do it in csf only and not use fail2ban.

Re: Make Fail2ban puts its bans on CSF banlist
« Reply #2 on: January 27, 2022, 08:51:00 PM »
Fail2ban is easier to use, with just quickly enabling the needed filters, hence why I went for it as an extra layer of protection.
I also found a way to make it use csf for the banning/unbanning action.

vim /etc/fail2ban/action.d/csf.conf
Content:
Code:
# fail2ban action config for csf deny / unblock IP
# /etc/fail2ban/action.d/csf.conf

[Definition]
actionstart =
actionstop =
actioncheck =

# It almost doesn't matter which of the below actionban commands you use,
# as Fail2ban will issue an unban when the bantime is over.

# to deny an IP and add to /etc/csf/csf.deny
# Permanent block according to CSF. Fail2ban will unblock when bantime is over.
# This is the safer option if you have a mix of temp and permanent block filters.
actionban = csf -d <ip> Fail2Ban - <name>

# to "temporarily" deny an IP and add it to /var/lib/csf/csf.tempban
# If all of your filters are set to temp blocks, then use this instead.
#actionban = csf -td <ip> <bantime> -p <port> Fail2ban - <name>

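# to unblock an IP and remove it from /etc/csf/csf.deny
# (pairs with the "csf -d" actionban above)
actionunban = csf -dr <ip>

# to remove a temporary block from /var/lib/csf/csf.tempban
# (pairs with the "csf -td" actionban; "csf -tr" does not touch csf.deny)
#actionunban = csf -tr <ip>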

[Init]
name = default
« Last Edit: January 27, 2022, 08:56:54 PM by iraqiboy90 »
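
A check for the setup in Reply #2, as an added example that is not part of any post in this thread: `csf -d` writes permanent entries to /etc/csf/csf.deny, so an unban that does not remove them leaves blocks behind after the bantime ends. The script lists Fail2Ban-tagged entries in csf.deny that Fail2ban no longer reports as banned. The csf.deny comment layout, the jail names and the sample data are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Lists csf.deny entries created by the
# Fail2ban action that Fail2ban no longer reports as banned (stale blocks).
# Assumed csf.deny line format (comment text taken from actionban):
#   203.0.113.7 # Fail2Ban - sshd - Thu Jan 27 20:51:00 2022

# Read `fail2ban-client status <jail>` output on stdin, print one IP per line.
banned_from_status() {
    awk '/Banned IP list:/ {
        sub(/.*Banned IP list:[ \t]*/, "")
        n = split($0, ip, /[ \t]+/)
        for (i = 1; i <= n; i++) if (ip[i] != "") print ip[i]
    }'
}

# stale_f2b_entries DENY_FILE BANNED_FILE -> prints "ip jail" per stale entry.
#   DENY_FILE   copy of /etc/csf/csf.deny
#   BANNED_FILE currently banned IPs, one per line
stale_f2b_entries() {
    awk '
        FILENAME == ARGV[1] { banned[$1] = 1; next }   # first file: active bans
        $2 == "#" && tolower($3) == "fail2ban" && $4 == "-" {
            if (!($1 in banned)) print $1, $5          # still blocked in csf only
        }
    ' "$2" "$1"
}

# Constructed sample data (documentation address ranges, not real bans).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/csf.deny" <<'EOF'
# constructed stand-in for the csf.deny header comments
203.0.113.7 # Fail2Ban - sshd - Thu Jan 27 20:51:00 2022
198.51.100.23 # Fail2Ban - postfix - Thu Jan 27 21:02:11 2022
192.0.2.50 # Manually denied (constructed) - Thu Jan 27 21:05:00 2022
EOF
    printf '   `- Banned IP list:\t203.0.113.7\n' | banned_from_status > "$tmp/banned"
    stale_f2b_entries "$tmp/csf.deny" "$tmp/banned"
    rm -rf "$tmp"
}

demo   # prints: 198.51.100.23 postfix
```

On a live host, feed `banned_from_status` the output of `fail2ban-client status <jail>` for every enabled jail and pass /etc/csf/csf.deny as the first argument of `stale_f2b_entries`.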