In this article, I will show how to ban visitors from a specific country using Fail2ban and GeoIP. It is assumed that Fail2ban is already installed and configured on your server.
First, install GeoIP:
yum install geoip
Create Fail2ban action script:
vi /etc/fail2ban/action.d/geohostsdeny.conf
Copy the following script:
[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Bans the IP only when geoiplookup reports a country that
# matches <country_list> (e.g. PH|Philippines). Continuation
# lines must stay indented.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = IP=<ip> &&
            geoiplookup $IP | grep -E "<country_list>" &&
            (printf %%b "<daemon_list>: $IP\n" >> <file>)

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# The IP is regex-escaped and the pattern anchored so that only
# the exact "<daemon_list>: IP" entry is removed.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = IP=$(echo "<ip>" | sed 's/[][\.]/\\\0/g') && sed -i.old "/^<daemon_list>: $IP$/d" <file>

[Init]

# Option: country_list
# Notes.: List of banned countries separated by pipe "|"
# Values: STR Default:
#
country_list = PH|Philippines

# Option: file
# Notes.: hosts.deny file path.
# Values: STR Default: /etc/hosts.deny
#
file = /etc/hosts.deny

# Option: daemon_list
# Notes: The list of services that this action will deny. See the man page
# for hosts.deny/hosts_access. Default is all services.
# Values: STR Default: ALL
daemon_list = ALL
The script above bans visitors from the Philippines, which is the country defined in "country_list".
To enable the action script in Fail2Ban:
vi /etc/fail2ban/jail.local
... and add the following line to your jail.local file:
banaction = geohostsdeny
Restart Fail2Ban:
systemctl restart fail2ban
For the opposite (which is to exempt), please check the article here.
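The following is an added example, not part of the original article: a shell sketch that audits hosts.deny and lists banned IPv4 addresses whose country is not in the country list. It matches on the ISO code field of geoiplookup's "GeoIP Country Edition: CC, Name" line rather than on a substring, because a name such as "Niger" also matches "Nigeria". The function names and the LOOKUP variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit hosts.deny against the country list without changing it.
# LOOKUP is this sketch's own variable so the lookup command can be stubbed.
LOOKUP=${LOOKUP:-geoiplookup}

# The article's match: a regex applied to the whole output line.
loose_match() {
    printf '%s\n' "$1" | grep -qE "$2"
}

# Print the ISO code from "GeoIP Country Edition: PH, Philippines".
# Prints nothing for "IP Address not found" or any other output.
country_code() {
    printf '%s\n' "$1" |
        sed -n 's/^GeoIP Country Edition: \([A-Z][A-Z0-9]\), .*/\1/p' | head -n 1
}

# would_ban LOOKUP_OUTPUT LIST: succeed only when the ISO code is an exact
# member of the pipe-separated LIST (same format as country_list).
would_ban() {
    code=$(country_code "$1")
    [ -n "$code" ] || return 1
    case "|$2|" in
        *"|$code|"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_deny FILE LIST: print "IP CODE" for each IPv4 entry in FILE whose
# country is not in LIST, i.e. entries the country ban should not have added.
audit_deny() {
    sed -n 's/^[^#:]*: *\([0-9.][0-9.]*\)$/\1/p' "$1" | while read -r ip; do
        out=$($LOOKUP "$ip")
        would_ban "$out" "$2" || printf '%s %s\n' "$ip" "$(country_code "$out")"
    done
}

# Usage: sh audit.sh /etc/hosts.deny "PH|Philippines"
if [ "$#" -eq 2 ]; then
    audit_deny "$1" "$2"
fi
```

Entries written by other ban actions into the same hosts.deny file will also be listed, so read the output with your other jails in mind.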
Comments
In this case it's BASH. You can use any scripting language as long as your server's shell supports it.
Ban or Not Ban ?
You say "the script above will ban the visitors from Philippines". Do you not mean, "the script above will not ban the visitors from Philippines"?
Could you advise which one...
The codes in this article…
country_list
. But if you're looking for the opposite (which is to exempt), please check the article here.
Banning any connection?
This only works as soon as one of my active jails is triggered, or am I doing something wrong?
Do I have to set up a jail that will do it, and how?
This article actually shows how to set up a jail for banning a specific country. Please follow the steps above carefully.
I agree with the last person.
Both scripts are the same and what concerns me is when I add a country following your instructions my traffic graph increases. When I remove the countries I want to ban then it goes back down?
Do some testing. Check the hosts.deny file if the IP addresses listed there belong to the country you are banning.
List of exempted countries separated by pipe "|"
How is this banning a country? It says exempted countries?
# Option: country_list
# Notes.: List of exempted countries separated by pipe "|"
# Values: STR Default:
#
country_list = PH|Philippines
admin
Tue, 09/19/2023 - 13:03
In reply to List of exempted countries separated by pipe "|" by David B (not verified)
I have already corrected the comment in this article. Thank you.
banaction needs to be actionban
banaction = geohostsdeny in jail.local
should say actionban = geohostsdeny
When I changed this in jail.local the country ban worked.
It is "banaction" that works for me. Anyway, if "actionban" worked for you, then use "actionban" instead of "banaction". Please do some testing, like checking in your hosts.deny file whether the countries of the IP addresses listed there are in your ban list.
multiple countries to be banned
How do I need to configure country_list for multiple country entries?
The list of banned countries is delimited by a pipe symbol "|".
what kind of scripting?
Hi, thanks for sharing this info. May you tell me what kind of script is used in the action? It looks like bash; there's not much info about scripting fail2ban on the internet.
Thanks