0

I haven't really found any way to do this - I have seen a few issues on the GitHub dealing with it but nothing in the wiki indicating it exists.

Right now I have a problem: a set of 3 IP addresses are clobbering my SSHD. It's secure, no big deal - but I'm waking up to 10-15 emails from fail2ban from these jerks. I've sent emails to their abuse line to no avail - the ISP seems to support this behavior?

What I have tried is adding the IP address to ufw with DENY ALL. Since the IP address still shows up in my logs even though they are banned, fail2ban still goes nuts.

Is there a way to have an exponentially increasing ban time so I don't have to get my inbox blown up?

1 Answer

2

As Schroeder has suggested, if you don't want to alter the fail2ban alerting then the best way is to simply ignore the IP address entirely. What you're looking to do is more complex than you need to make it. Simply ignoring the IP is probably the most efficient way of doing this.

This article should show you briefly how to set it up, but as already mentioned it's just a case of using ignoreip then specifying the IP(s) you want to ignore.

An example of this would be the following: ignoreip = 192.168.0.1/24. In this example it would ignore the range 192.168.0.1 - 192.168.0.254. I think this would perfectly suit what you're trying to achieve, as you've said you've got 3 specific IPs, so just replace my example with the addresses you're trying to block. Obviously, if it's only 3 IPs and not a whole range, don't block a whole range or you could run into issues if any legitimate clients have an IP in that range.
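The caveat above about listing single addresses rather than a range, as an added example that is not part of the original answer: it checks how many addresses each entry covers before writing an ignoreip line. The helper names and the three addresses (taken from the documentation ranges) are constructed for illustration.

```python
import ipaddress


def expand_entry(entry):
    """Return (network, address_count) for one ignoreip entry.

    strict=False accepts an entry with host bits set, such as the
    192.168.0.1/24 used in the answer, and normalises it to the network.
    """
    net = ipaddress.ip_network(entry, strict=False)
    return net, net.num_addresses


def build_ignoreip(entries, max_hosts=1):
    """Build an ignoreip line, refusing entries wider than max_hosts.

    fail2ban accepts a space-separated list of IPs or CIDR masks here.
    """
    accepted = []
    for entry in entries:
        net, count = expand_entry(entry)
        if count > max_hosts:
            raise ValueError(
                f"{entry} covers {count} addresses ({net[0]} - {net[-1]})"
            )
        # A single host is written as a bare address, a range as CIDR.
        accepted.append(str(net.network_address) if count == 1 else str(net))
    return "ignoreip = " + " ".join(accepted)


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the question.
    offenders = ["203.0.113.10", "198.51.100.7", "192.0.2.55"]
    print(build_ignoreip(offenders))

    # The answer's /24 example is rejected when only single hosts are allowed.
    try:
        build_ignoreip(["192.168.0.1/24"])
    except ValueError as err:
        print("rejected:", err)
```

Pass a larger `max_hosts` only when a whole range is really meant to be listed.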