Fail2Ban

MailCleaner Support
Added 6 months ago

Fail2ban KB

IMPORTANT WARNING: The commands and paths may vary depending on your system. In case of a problem or doubt, please open a ticket and we will assist you.
Note: Fail2ban ban/unban changes are replicated every 5 minutes.

If the fail2ban.py command is not found, use the complete path to interact with Fail2Ban:

/var/mailcleaner/.pyenv/versions/3.7.7/bin/fail2ban.py

Usage

  • List currently banned IPs on a specific server:

    fail2ban-client status <jail>

  • Show all IPs banned by Fail2ban on all servers:

    echo 'SELECT * FROM fail2ban_ips WHERE active=true' |mc_mysql -s mc_config -t

  • Unban an IP in MailCleaner:

    fail2ban.py unban -i <ip> -j <jail> --f2b-call

Configuration

Note: By default, all jails are disabled.

  • Enable a jail:

    fail2ban.py jail enable -j <jail>

  • Enable all jails:

    fail2ban.py general enable

  • Disable all jails:

    fail2ban.py general disable

  • Change the value of findtime, bantime or maxretry:

    fail2ban.py jail change -j <jail> --option <option> -v <value>

Permanent Blacklist

The blacklist in the Fail2ban integration is a specific jail that is dynamically created for all jails.

After the specified number of bans (by default: 3), an IP that would be banned again is moved to this permanent jail (<jail>-bl).

  • Disable blacklist for a specific jail:

    fail2ban.py blacklist disable -j <jail>

  • Disable blacklist for all jails:

    fail2ban.py general disable-bl

  • Enable blacklist for all jails:

    fail2ban.py general enable-bl -v <value>
    <value> = maximum number of bans before blacklisting [default: 3]

  • Manually blacklist an IP:

    fail2ban.py blacklist add -j <jail> -i <ip>

  • Unban an IP that is currently blacklisted:

    fail2ban.py blacklist remove -j <jail> -i <ip>

Whitelist

If certain IPs should never be banned by a specific jail, you can configure this using the following commands.

  • Add an IP to the whitelist:

    fail2ban.py whitelist add -j <jail> -i <ip>

  • Remove a whitelisted IP (this command needs to be run on all servers):

    fail2ban.py whitelist remove -j <jail> -i <ip>

Advanced User

Note: The following section should only be used by users with knowledge of Fail2Ban and is therefore not supported.

Create custom jail

To create a custom jail in MailCleaner, you will need to add a specific database entry on the master server:

    echo "INSERT INTO fail2ban_jail (enabled, name, maxretry, findtime, bantime, port, filter, banaction, logpath, max_count) VALUES (<enabled>, '<name>', <maxretry>, <findtime> , <bantime>, '<port>', '<filter>', '<banaction>', '<logpath>', <max_count>);" |mc_mysql -m mc_config

    Value                              Type
    enabled                            TINYINT (0 or 1)
    name, filter, banaction, logpath   STRING
    port                               STRING (delimiter ',')
    maxretry, findtime, bantime        INT
    max_count                          INT (disabled = 0)

Note: For the banaction, please add mc-custom to fully integrate your jail into MailCleaner.
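
One way to check the values against the type table before building the INSERT statement, as an added example that is not MailCleaner's own tooling. The helper names, the character allow-lists, and the sample jail name, filter name and log path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not MailCleaner code): check custom-jail fields against the
# type table, then print the INSERT statement. Nothing touches the database.
LC_ALL=C; export LC_ALL

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# name, filter, banaction: assumed allow-list of letters, digits, '_', '.', '-'.
is_name() { case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }

# port: comma-delimited numbers such as "25,587"; empty items are rejected.
is_ports() { case "$1" in ''|,*|*,|*,,*|*[!0-9,]*) return 1 ;; esac; }

# logpath: absolute path built from an assumed allow-list, so it cannot
# contain a quote that would end the SQL string early.
is_logpath() {
    case "$1" in /*) ;; *) return 1 ;; esac
    case "$1" in *[!A-Za-z0-9_./-]*) return 1 ;; esac
}

# Args: enabled name maxretry findtime bantime port filter banaction logpath max_count
build_jail_sql() {
    [ "$#" -eq 10 ] || { echo "expected 10 fields, got $#" >&2; return 2; }
    case "$1" in 0|1) ;; *) echo "enabled must be 0 or 1" >&2; return 1 ;; esac
    for v in "$3" "$4" "$5" "${10}"; do
        is_uint "$v" || { echo "not an integer: $v" >&2; return 1; }
    done
    for v in "$2" "$7" "$8"; do
        is_name "$v" || { echo "bad name/filter/banaction: $v" >&2; return 1; }
    done
    is_ports "$6" || { echo "bad port list: $6" >&2; return 1; }
    is_logpath "$9" || { echo "bad logpath: $9" >&2; return 1; }
    printf "INSERT INTO fail2ban_jail (enabled, name, maxretry, findtime, bantime, port, filter, banaction, logpath, max_count) VALUES (%s, '%s', %s, %s, %s, '%s', '%s', '%s', '%s', %s);\n" \
        "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}"
}

# Constructed sample values: the jail name, filter name and log path are
# placeholders; mc-custom is the banaction named in the note above.
build_jail_sql 1 my-custom-jail 5 600 3600 25,587 my-custom-filter \
    mc-custom /var/log/example/custom.log 3
```

The printed statement can then be piped to mc_mysql -m mc_config on the master server, as in the command above.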