After my previous post on setting up Fail2Ban, I spent a little more time with the built-in recidive jail that comes with Fail2Ban but found it didn’t have enough control or certainty for me. I then just brushed up on my rather rusty coding skills and created my own custom Fail2Ban BlackList Repeat Offender Jail with its own action and filter file, which works an absolute treat and truly just turns recidive banning into a little beast.
What my custom jail does is make use of a very simple little text file called ip.blacklist which contains any blacklisted IPs that my blacklist jail detects. What is different is that by utilizing the blacklist text file my long bans stay in place even after reboots.
My actions also clean up after themselves and also check the file for any (unlikely) duplicate IPs and remove them. It also drops an offending IP from his long time period ban when it expires and removes him from the ip.blacklist file too. For me it is perfect automation and I think you will enjoy using this custom jail and I truly think I have made it foolproof.
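The bookkeeping described above (append on ban, remove on expiry, de-duplicate, replay after a reboot), written as an added shell example; it is not the project's action file, and the file path, function names and the `f2b-blacklist` chain name are assumptions.

```shell
#!/bin/sh
# Added illustration, not the project's action file. Path and names are assumed.
BLACKLIST="${BLACKLIST:-/tmp/ip.blacklist.example}"

# Accept only dotted-quad IPv4 so a crafted log field never reaches the file.
valid_ip() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Ban: append the IP only if that exact line is not already present.
blacklist_add() {
    valid_ip "$1" || return 1
    touch "$BLACKLIST"
    grep -qxF -- "$1" "$BLACKLIST" || printf '%s\n' "$1" >> "$BLACKLIST"
}

# Unban (long ban expired): rewrite the file without that IP.
blacklist_remove() {
    valid_ip "$1" || return 1
    [ -f "$BLACKLIST" ] || return 0
    tmp=$(mktemp "${BLACKLIST}.XXXXXX") || return 1
    awk -v ip="$1" '$0 != ip' "$BLACKLIST" > "$tmp" && mv "$tmp" "$BLACKLIST"
}

# Cleanup: drop duplicate lines, keeping the first occurrence and the order.
blacklist_dedupe() {
    [ -f "$BLACKLIST" ] || return 0
    tmp=$(mktemp "${BLACKLIST}.XXXXXX") || return 1
    awk '!seen[$0]++' "$BLACKLIST" > "$tmp" && mv "$tmp" "$BLACKLIST"
}

# Start: emit one ban command per valid entry so long bans survive a reboot.
# Commands are printed, not executed; the chain name f2b-blacklist is assumed.
blacklist_replay() {
    [ -f "$BLACKLIST" ] || return 0
    while IFS= read -r ip; do
        valid_ip "$ip" && printf 'iptables -I f2b-blacklist 1 -s %s -j DROP\n' "$ip"
    done < "$BLACKLIST"
    return 0
}
```

Validating the address before it touches the file matters because the value originates from log lines that a remote client can influence.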
I have made it an open source project on GitHub, so take it, use it, modify it, do what you like to it. Out of the box it should just do everything you ever wanted when it comes to recidive / permanent jailing of repeat offenders on Fail2Ban.
I have spent a lot of time extensively documenting the project on my GitHub repo for it, so simply follow through those instructions and download the source code files from there. I have updated my earlier article on setting up Fail2Ban to include this new jail and not the recidive jail.
Feel free to log any issues on the GitHub repo and please leave any comments or feedback below.
Happy Nixing in the Nixing Bowl !!!