[Dxspider-support] DX-spider fail2ban rules
Peter
pc2a at pi4cc.nl
Fri May 22 09:33:40 CEST 2020
Hi
I got fail2ban working and blocking IPs via iptables or UFW on a Debian
Linux system.
I made 2 rules to block unwanted behavior.
The first rule blocks multiple connections to the cluster that use the same call.
This is the result of being bumped off followed by a reconnect.
In jail.d, make a file named dxc-bumped.conf with:
[dxc-bumped]
enabled = true
logpath = /spider/local_data/log/2020/05.dat
bantime = 300
maxretry = 1
One note: check the logpath for the log file and change this every month :-)
In filter.d, make a file named dxc-bumped.conf with:
[INCLUDES]
before = common.conf
[Definition]
failregex = bumped off by <HOST>, disconnected$
ignoreregex =
(Re)start fail2ban and any reconnection will be locked out for 5 minutes
(300 seconds).
For a rule for locked-out calls, make 2 new conf files as above with a
different name and use as failregex:
failregex = on <HOST> is locked out, disconnected$
Results:
root@pi4cc:/etc/fail2ban# fail2ban-client status dxc-locked
Status for the jail: dxc-locked
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 25
|  `- File list: /spider/local_data/log/2020/05.dat
`- Actions
   |- Currently banned: 2
   |- Total banned: 25
   `- Banned IP list: 70.61.22.78 78.13.227.246
root@pi4cc:/etc/fail2ban# fail2ban-client status dxc-bumped
Status for the jail: dxc-bumped
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 23
|  `- File list: /spider/local_data/log/2020/05.dat
`- Actions
   |- Currently banned: 1
   |- Total banned: 23
   `- Banned IP list: 77.250.209.142
Peter
PC2A
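
Added example (not part of Peter's post): the post notes that logpath has to be changed every month, so this sketch rewrites it in the DXSpider jail files and reloads fail2ban only when something changed. The dxc_* function names, the three variables, the dxc-*.conf file pattern and the cron install path are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: the dxc_* functions,
# the three variables below, and jail files matching jail.d/dxc-*.conf.
LOG_ROOT=${LOG_ROOT:-/spider/local_data/log}
JAIL_DIR=${JAIL_DIR:-/etc/fail2ban/jail.d}
RELOAD_CMD=${RELOAD_CMD:-fail2ban-client reload}

# Log path for a month given as YYYY/MM (default: the current month).
dxc_logpath() {
    printf '%s/%s.dat\n' "$LOG_ROOT" "${1:-$(date +%Y/%m)}"
}

# Point one jail file at new_path.
# Returns 0 = rewritten, 1 = already current, 2 = new log not there yet
# (file left alone so the jail keeps a logpath that exists),
# 3 = no logpath line in the file, or mktemp failed.
dxc_set_logpath() {
    jail_file=$1
    new_path=$2
    [ -f "$new_path" ] || return 2
    grep -qxF "logpath = $new_path" "$jail_file" && return 1
    grep -q '^logpath[[:space:]]*=' "$jail_file" || return 3
    tmp=$(mktemp "$jail_file.XXXXXX") || return 3
    # Write to a temp file and rename, so fail2ban never reads a half-written jail.
    sed "s|^logpath[[:space:]]*=.*|logpath = $new_path|" "$jail_file" > "$tmp" &&
        mv "$tmp" "$jail_file"
}

# Update every DXSpider jail, then reload fail2ban once if anything changed.
dxc_rotate() {
    month_log=$(dxc_logpath)
    changed=0
    for f in "$JAIL_DIR"/dxc-*.conf; do
        [ -f "$f" ] || continue
        dxc_set_logpath "$f" "$month_log" && changed=1
    done
    [ "$changed" -eq 1 ] && $RELOAD_CMD
    return 0
}

# Example cron entry (assumed install path), run hourly so the switch happens
# as soon as DXSpider has created the new month's file:
#   5 * * * * . /usr/local/sbin/dxc-logpath.sh && dxc_rotate
```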