
I have a server listening on multiple public IP addresses. When a certain situation occurs, I want fail2ban to ban only on the specific IP address where the connection is attempted and not on the whole server as it does by default.

I tried looking through all its configs but I can't find anything regarding this.

Romeo Mihalcea
  • That would imply setting up every current jail for every IP address which would therefore multiply the number of filtering tables. I'm not sure I see any benefit to doing that as most people would want to block an intruder from all their systems. – Julie Pelletier Oct 07 '16 at 01:18
  • Nope. I want to block the intruder on the exact IP he failed on. My users are not hackers, some of them just forget to update some passwords and have bots trying to log in to their services with the old password, so I want to ban them on the specific destination IP for 10 mins. – Romeo Mihalcea Oct 07 '16 at 01:22

1 Answer


You'll need to make a filter that targets the specific IP for each existing jail in /etc/fail2ban/filter.d/[rule].conf, and adjust your /etc/fail2ban/jail.conf to include all those jails.

Note that the iptables filtering tables are managed fine automatically by the existing scripts, so they will get created automatically when the service is restarted.

Julie Pelletier
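One way to lay out the per-IP jails the answer describes, as an added example that is not from the original answer or from fail2ban's shipped configuration. Assumptions: a hypothetical service `mysvc` whose log records the local address of each failed login, two constructed server addresses from the documentation range, constructed port and `maxretry` values, and hypothetical file names for the filters and the custom action (modelled on the stock iptables multiport action, with `-d <dstip>` added to the jump rule so bans only affect traffic to that address).

```ini
# --- /etc/fail2ban/filter.d/mysvc-dst-203-0-113-10.conf (hypothetical) ---
# Assumed log line: "auth failed from 198.51.100.7 to 203.0.113.10"
[Definition]
failregex = ^.*auth failed from <HOST> to 203\.0\.113\.10$

# --- /etc/fail2ban/filter.d/mysvc-dst-203-0-113-11.conf (hypothetical) ---
[Definition]
failregex = ^.*auth failed from <HOST> to 203\.0\.113\.11$

# --- /etc/fail2ban/action.d/iptables-dst.conf (hypothetical custom action) ---
# <dstip> is a custom tag supplied by each jail; only packets addressed to it
# are sent through the per-jail chain, so a ban never touches the other IPs.
[Definition]
actionstart = iptables -N f2b-<name>
              iptables -A f2b-<name> -j RETURN
              iptables -I <chain> -d <dstip> -p <protocol> -m multiport --dports <port> -j f2b-<name>
actionstop = iptables -D <chain> -d <dstip> -p <protocol> -m multiport --dports <port> -j f2b-<name>
             iptables -F f2b-<name>
             iptables -X f2b-<name>
actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
actionban = iptables -I f2b-<name> 1 -s <ip> -j REJECT
actionunban = iptables -D f2b-<name> -s <ip> -j REJECT

[Init]
chain = INPUT
protocol = tcp

# --- /etc/fail2ban/jail.local ---
# One jail per listening address; bantime 600 s is the 10 minutes asked for.
[mysvc-203-0-113-10]
enabled  = true
filter   = mysvc-dst-203-0-113-10
logpath  = /var/log/mysvc.log
maxretry = 5
bantime  = 600
action   = iptables-dst[name=mysvc-10, dstip=203.0.113.10, port=8443]

[mysvc-203-0-113-11]
enabled  = true
filter   = mysvc-dst-203-0-113-11
logpath  = /var/log/mysvc.log
maxretry = 5
bantime  = 600
action   = iptables-dst[name=mysvc-11, dstip=203.0.113.11, port=8443]
```

If the service does not log which local address received the connection, the filters cannot tell the jails apart and this layout will not work as written.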