In this article, I will show how to ban visitors from a specific country using Fail2ban and GeoIP. It is assumed that Fail2ban is already installed and configured on your server.
Let's first install geoip:
yum install geoip
Create Fail2ban action script:
vi /etc/fail2ban/action.d/geohostsdeny.conf
Copy the following script:
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Bans only addresses that geoiplookup places in <country_list>.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = IP=<ip> &&
            geoiplookup $IP | egrep "<country_list>" &&
            (printf %%b "<daemon_list>: $IP\n" >> <file>)
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = IP=<ip> && sed -i.old /ALL:\ $IP/d <file>
[Init]
# Option: country_list
# Notes.: List of countries to ban, separated by pipe "|"
# Values: STR Default:
#
country_list = PH|Philippines
# Option: file
# Notes.: hosts.deny file path.
# Values: STR Default: /etc/hosts.deny
#
file = /etc/hosts.deny
# Option: daemon_list
# Notes: The list of services that this action will deny. See the man page
# for hosts.deny/hosts_access. Default is all services.
# Values: STR Default: ALL
daemon_list = ALL
The script above bans visitors from the Philippines, which is the country defined in "country_list".
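The operator that joins the country match to the printf in actionban decides whether country_list works as a ban list (&&) or as an exemption list (||). The following added example, which is not part of the original article, runs both forms over three sample addresses; the geoiplookup stub, its addresses and country assignments are constructed, and decide and simulate are hypothetical helper names.

```shell
#!/bin/sh
# Constructed stand-in for geoiplookup so this runs offline. The addresses are
# documentation ranges and the country assignments are invented for the demo.
geoiplookup() {
    case "$1" in
        192.0.2.*)    echo "GeoIP Country Edition: PH, Philippines" ;;
        198.51.100.*) echo "GeoIP Country Edition: DE, Germany" ;;
        *)            echo "GeoIP Country Edition: IP Address not found" ;;
    esac
}

# decide MODE COUNTRY_LIST IP  ->  prints "ban" or "skip"
#   MODE=listed    ban only when the lookup matches COUNTRY_LIST (&& form)
#   MODE=unlisted  ban only when it does not match (|| form, an exemption list)
decide() {
    if geoiplookup "$3" | grep -Eq "$2"; then matched=yes; else matched=no; fi
    case "$1:$matched" in
        listed:yes|unlisted:no) echo ban ;;
        *)                      echo skip ;;
    esac
}

# simulate MODE COUNTRY_LIST FILE IP...  ->  appends hosts.deny lines to FILE
simulate() {
    mode=$1; list=$2; file=$3; shift 3
    for ip in "$@"; do
        if [ "$(decide "$mode" "$list" "$ip")" = ban ]; then
            printf '%s: %s\n' ALL "$ip" >> "$file"
        fi
    done
}

# Demo: the same three offending addresses under both operators.
demo() {
    tmp=$(mktemp)
    for mode in listed unlisted; do
        : > "$tmp"
        simulate "$mode" 'PH|Philippines' "$tmp" 192.0.2.10 198.51.100.7 203.0.113.5
        echo "== $mode =="; cat "$tmp"
    done
    rm -f "$tmp"
}
demo
```

An address with no GeoIP record is skipped by the && form and banned by the || form.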
To enable our action script in Fail2Ban:
vi /etc/fail2ban/jail.local
... and add the following line to your jail.local file:
banaction = geohostsdeny
Restart Fail2Ban:
systemctl restart fail2ban
Comments
In this case it's BASH. You can use any scripting language as long as your server's shell supports it.
Ban or Not Ban ?
You say "the script above will ban the visitors from Philippines". Do you not mean "the script above will not ban the visitors from Philippines"?
Could you advise which one...
The codes in this article…
country_list
. But if you're looking for the opposite (which is to exempt), please check the article here.
what kind of scripting?
Hi, thanks for sharing this info. May you tell me what kind of script is used in the action? Looks like bash; there's not much info about scripting fail2ban on the internet.
thanks