How to ban visitors from a specific country by geolocation in Fail2ban

In this article, will show how to ban visitors from a specific country using Fail2ban and geoip. It is assumed that Fail2ban is already installed and configured in your server.

Lets install first the geoip:

  
yum install geoip
  

Create Fail2ban action script:

  
vi /etc/fail2ban/action.d/geohostsdeny.conf
  

Copy the following script:

  
[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = 

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop = 

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck = 

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights. 
#          Excludes PH|Philippines from banning.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = IP=<ip> &&
            geoiplookup $IP | egrep "<country_list>" || 
            (printf %%b "<daemon_list>: $IP\n" >> <file>)

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = IP=<ip> && sed -i.old /ALL:\ $IP/d <file>

[Init]

# Option:  country_list
# Notes.:  List of exempted countries separated by pipe "|"
# Values:  STR  Default:  
#
country_list = PH|Philippines

# Option:  file
# Notes.:  hosts.deny file path.
# Values:  STR  Default:  /etc/hosts.deny
#
file = /etc/hosts.deny

# Option:  daemon_list
# Notes:   The list of services that this action will deny. See the man page
#          for hosts.deny/hosts_access. Default is all services.
# Values:  STR  Default: ALL
daemon_list = ALL
  

The script above will ban the visitors from Philippines which defined in "country_list".

To enable our action script in Fail2Ban:

  
vi /etc/fail2ban/jail.local
  

... and add the following line in your jail.local file:

  
banaction = geohostsdeny
  

Restart Fail2Ban:

  
systemctl restart fail2ban
  

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.