fail2ban-subnets aims to provide a way to ban subnets of IPs repeatingly banned by fail2ban for multiple offenses. It thus uses the fail2ban logfiles and calculates the most restricted subnet to be banned for these IPs. Using the log file generated by fail2ban-subnets, and a new action.d script, we can thus create a specific jail in fail2ban for banning those subnets.
fail2ban-subnets is here to provide what's currently impossible in fail2ban, even if there are issues that are progressing on that side.
Copyright (C) 2015 Raphaël Beamonte <[email protected]>
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. [See the GNU General Public License for more details] GPLv2.
You can get the code by cloning this repository or downloading the last version of the zip package
You should edit the first part of the fail2ban-subnets.py file to adjust to your system. All comments on this configuration are provided in the file.
Here's the way I recommand setting fail2ban to avoid problems in future developments.
These settings are based on a Debian system and consider you got the fail2ban-subnets files in /home/usr/f2b-sn/, you should adapt them to your needs.
Go to the fail2ban settings directory of your system as root:
cd /etc/fail2banCreate the directories action.d.local and filter.d.local:
mkdir action.d.local filter.d.localCopy the fail2ban-subnets action and filter files in these new directories:
cp /home/usr/f2b-sn/action.d.local/* action.d.local/
cp /home/usr/f2b-sn/filter.d.local/* filter.d.local/Add the configuration for the fail2ban-subnets jail at the end of your local jail:
cat /home/usr/f2b-sn/jail.local >> jail.localInstall the fail2ban-subnets script to be executed once an hour:
cp /home/usr/f2b-sn/fail2ban-subnets.py /etc/cron.hourly/fail2ban-subnets
chown root:adm /etc/cron.hourly/fail2ban-subnetsNote: you could also set a crontab to go more regularly, still as root, by running crontab -e then setting your crontab.
Please use the [GitHub integrated issue tracker] issues for every problem you can encounter. Please DO NOT use my email for issues or walkthrough.