fail2ban & WordPress Plugin: some help with PHP please?

This topic is closed.
    #16
    Originally posted by Feathers McGraw
    Unfortunately, you won't be able to access my turbo instructive tutorials for a few hours!! I'm sure you're inconsolable!
    Can't see any of your site at the moment, actually. Me <-- sad!

    Originally posted by Feathers McGraw
    As I understand it, iptables rules don't survive a reboot. What's the best way to make sure they are restored? I've read a few things, but most of them seem to be working around Network Manager. I'm pretty sure the Pi doesn't have NM...
    This should work: http://zach.seifts.us/posts/2013/07/...ans-persistent



      #17
      Cool! Thanks, that looks like a good solution.

      Now fail2ban is up and running I just have to make sure I don't ban myself... lol.

      (my home network is whitelisted, but I could easily lock myself out at work etc.)

      How do you deal with offenders that are on dynamic IPs? Surely when the IP addresses rotate, you'll still be banning the wrong user?

      That tutorial includes an actionban statement that writes IPs to the blacklist, but how are the bans released?

      Feathers
      samhobbs.co.uk



        #18
        Originally posted by Feathers McGraw
        How do you deal with offenders that are on dynamic IPs? Surely when the IP addresses rotate, you'll still be banning the wrong user?
        Probably a good argument for not permanently banning. You could get really fancy and have some kind of script look up potential to-be-banned addresses against whois, and if the address is in a netblock reserved for dynamic addresses, you could not add them to the block list. But because there's no single standard format for notating such blocks, I don't see the point.

        Originally posted by Feathers McGraw
        That tutorial includes an actionban statement that writes IPs to the blacklist, but how are the bans released?
        Code:
        sudo iptables -D [i]chain[/i] -s [i]ip-addr[/i] -j DROP
        Fill in the italicized items appropriately.



          #19
          Thanks. That's useful for manually releasing a block, but I was getting at the fact that fail2ban usually unbans people after the specified amount of time, but anyone that is banned once will be permanently banned using the instructions in the link above, right?

          EDIT: after a reboot, that is.
          samhobbs.co.uk



            #20
            Oh. Duh, reading without comprehending again!

            To remove an IP address from the permanent block list, just edit the file. Then, after a reboot, that IP will no longer be banned.



              #21
              Yeah, but if I'd like the ip.blacklist file to always reflect the current state of iptables, I'll have to modify "actionunban" or whatever it's called to search for that IP address in the ip.blacklist file and remove it. Otherwise there's little point in fail2ban being able to block people for a few hours and then unblock them, since they'll be blocked permanently after a reboot (unless I manually edit the list to unblock them, which surely defeats the point of automating with fail2ban!).
              samhobbs.co.uk



                #22
                So, how about this:

                Code:
                actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
                                 sed -i".bak" '/<ip>/d' /etc/fail2ban/ip.blacklist
                ?

                Any reason why this might cause my pi to explode?
                Last edited by Feathers McGraw; Jan 19, 2014, 09:05 AM. Reason: formatting
                samhobbs.co.uk

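One pitfall in the sed line proposed in #22, shown as an added example (not code from the thread): the pattern /<ip>/ is an unanchored regular expression in which "." matches any character, so unbanning one address can also delete other entries that merely contain it. The function names and blacklist contents below are constructed for illustration, and the blacklist is assumed to hold one IP address per line.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the addresses are
# constructed sample data. Assumes one IP address per line in the file.

# Write a constructed blacklist to a temp file and print its path.
make_sample_blacklist() {
    f=$(mktemp) || return 1
    printf '%s\n' 1.2.3.4 1.2.3.40 11.2.3.4 1.253.4.9 192.0.2.7 > "$f"
    printf '%s\n' "$f"
}

# Removal as proposed in the thread: unanchored regex, "." matches anything.
remove_regex() {    # $1 = IP to unban, $2 = blacklist file
    sed -i".bak" "/$1/d" "$2"
}

# Exact removal: -F fixed string, -x whole line, -v keep everything else.
remove_exact() {    # $1 = IP to unban, $2 = blacklist file
    tmp=$(mktemp) || return 1
    # grep exits 1 when no lines are left to print; only >1 is a real error.
    grep -vxF -- "$1" "$2" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$2"    # rewrite in place so owner and mode are unchanged
    rm -f "$tmp"
}

# Print how many entries remain after removing IP $1 with method $2.
remaining_after() { # $2 = regex | exact
    bl=$(make_sample_blacklist) || return 1
    "remove_$2" "$1" "$bl" || return 1
    n=$(wc -l < "$bl" | tr -d ' ')
    rm -f "$bl" "$bl.bak"
    printf '%s\n' "$n"
}

# Unban 1.2.3.4 from the five-entry sample list with each method.
echo "regex removal leaves $(remaining_after 1.2.3.4 regex) entries"
echo "exact removal leaves $(remaining_after 1.2.3.4 exact) entries"
```

With the regex form only 192.0.2.7 survives, because 1.2.3.40, 11.2.3.4 and 1.253.4.9 all match the pattern; the exact form removes 1.2.3.4 alone.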


                  #23
                  Originally posted by Feathers McGraw
                  any reason why this might cause my pi to explode?
                  Probably not your Pi, but possibly your head.

                  I know my head isn't completely where yours is at the moment (uh, don't go there...just...don't). As I think about this some more, what I suspect you want to do is have Fail2Ban's list survive a reboot, but still allow the entries to unban once the required time has elapsed. Is this correct?



                    #24
                    Originally posted by SteveRiley
                    As I think about this some more, what I suspect you want to do is have Fail2Ban's list survive a reboot, but still allow the entries to unban once the required time has elapsed. Is this correct?
                    Exactly, otherwise any host that gets banned is on the blacklist, regardless of whether or not it got unbanned afterwards. So when you reboot, you'd be re-banning (permanently) all the unbanned IPs as well as the banned ones.

                    My addition is supposed to remove entries from the blacklist when they are unbanned, so you don't end up re-banning people you previously wanted to unban.
                    samhobbs.co.uk



                      #25
                      I suspect it'll work. I have to fly to Honolulu this evening for a telecom conference; back home Wednesday. We can experiment on Thursday if you'd like.



                        #26
                        Originally posted by SteveRiley
                        I suspect it'll work. I have to fly to Honolulu this evening for a telecom conference; back home Wednesday. We can experiment on Thursday if you'd like.
                        Fly to Hawaii for a telecom conference?!! Who doesn't have the concept of what a 'teleconference' is about? Or do you just want to go to Hawaii for other reasons? Hmm?
                        Windows no longer obstructs my view.
                        Using Kubuntu Linux since March 23, 2007.
                        "It is a capital mistake to theorize before one has data." - Sherlock Holmes



                          #27
                          Isn't the irony just delicious?

                          (BTW, your jealousy is showing. bwahahaha)



                            #28
                            Haha it's all right for some! I'll be spending my week digging trenches in the ground, filling them up with water and seeing how long it takes for them to drain.

                            Isn't civil engineering glamorous?

                            Sounds good to me! Fail2ban successfully unblocked you after 1 day as planned, so that side of things is all good.
                            samhobbs.co.uk



                              #29
                              Originally posted by Feathers McGraw
                              I'll be spending my week digging trenches in the ground, filling them up with water and seeing how long it takes for them to drain.
                              How was your play time in the dirt?

                              Originally posted by Feathers McGraw
                              Isn't civil engineering glamorous?
                              A little bit of Seattle history for you...
                              "The town’s proximity to sea level caused a new problem, literally, to rise up. In 1851, the same year the Denny party arrived, a fancy new device was introduced at the White House. It was called a 'water closet,' and, boy, did these things take off in popularity. Even in the tiny frontier town of Seattle, indoor toilets became the rage. By 1882, the city health commissioner, in his annual report, highlighted the fact that our sewers were operating at full blast, but it wasn't a one-way river. Twice a day when the tides came in, the sewers flowed with it -- backwards. Toilets became fountains!"

                              Originally posted by Feathers McGraw
                              Sounds good to me! Fail2ban successfully unblocked you after 1 day as planned, so that side of things is all good.
                              Yay!



                                #30
                                Play time was fun, thanks.

                                That reminds me of that bit in Life of Brian where they're creeping through the sewers under the palace... hehe.

                                Feathers
                                samhobbs.co.uk

