FreePBX 13 Responsive Firewall Blacklist attackers forever

I would like to blacklist IPs flagged as attackers multiple times, but I don’t see a way to do this with the firewall GUI, and I know the firewall writes the fail2ban rules, so I don’t want to mess with them directly if possible. Is there any way to automatically block repeat offenders forever without cutting and pasting into the blacklist?

Thanks!

It does not do that at all. The Firewall is iptables, which means everything is done at the interface level before it gets into the system. Fail2ban is a backup for stuff that makes it through/past the Firewall and actually is processed by something like Asterisk or Apache so logs are generated for fail2ban to read.

For this part you can go into the Advanced section of the Firewall and then Advanced Settings tab to enable the Custom Firewall Rules so you can add your own rules to the Firewall to be used. In this case you can add rules to do what you are looking for.

If the intrusions are often enough
and you have set up the recidive jail
and you are using fail2ban 9+

then bans can effectively be both permanent and automatic.

If you want to go that way, I suggest moving to ipsets and tuning the findtime, the bantimes, and how things get into the recidive jail.

All of this is documented at

https://www.fail2ban.org/wiki/index.php/Main_Page
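The recidive approach above works by having fail2ban read its own log: every time another jail bans an address, a "Ban" line is written to fail2ban.log, and the recidive jail counts those lines per address inside its findtime window and hands out its own (long or permanent) ban once maxretry is reached. The following is an added example, not code from the thread or from FreePBX or fail2ban: it carries an illustrative jail.local fragment for such a recidive jail (the values, the ipset-backed banaction, and the note that bantime = -1 means permanent only on fail2ban 0.10 and later are assumptions made here, and FreePBX's own fail2ban configuration handling is not covered), and it replays the findtime/maxretry logic over a handful of constructed fail2ban.log lines so the effect of the window is visible. The regex is a simplified stand-in for fail2ban's stock recidive filter, not a copy of it.

```python
"""Replay fail2ban's recidive-jail counting over constructed fail2ban.log lines.

Added example: the jail settings below are illustrative assumptions, the log
lines are constructed for the demo, and BAN_LINE is a simplified version of
fail2ban's filter.d/recidive.conf, not the real filter.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative jail.local fragment (assumed values, not FreePBX defaults).
RECIDIVE_JAIL_LOCAL = """\
[recidive]
enabled   = true
logpath   = /var/log/fail2ban.log
# ipset-backed action: one iptables rule, banned IPs live in a hash:ip set
banaction = iptables-ipset-proto6-allports
# -1 = permanent on fail2ban 0.10+; older releases need a large finite value
bantime   = -1
# an IP banned by any other jail 3 times inside 24h gets the permanent ban
findtime  = 86400
maxretry  = 3
"""

# Simplified stand-in for the recidive failregex: a NOTICE line in which some
# jail reports "Ban <ip>". Timestamp format is fail2ban's default log format.
BAN_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ fail2ban\.actions\s*"
    r"\[\d+\]: NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>[0-9a-fA-F.:]+)\s*$"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed sample log: 203.0.113.7 is banned three times within a day;
# 198.51.100.9 is banned three times, but spread over more than 24 hours.
SAMPLE_FAIL2BAN_LOG = [
    "2023-05-01 10:00:00,101 fail2ban.actions        [1234]: NOTICE  [asterisk-iptables] Ban 203.0.113.7",
    "2023-05-01 11:30:00,102 fail2ban.actions        [1234]: NOTICE  [asterisk-iptables] Ban 203.0.113.7",
    "2023-05-01 12:00:00,103 fail2ban.actions        [1234]: NOTICE  [apache-auth] Ban 198.51.100.9",
    "2023-05-01 13:45:00,104 fail2ban.actions        [1234]: NOTICE  [asterisk-iptables] Unban 203.0.113.7",
    "2023-05-01 14:00:00,105 fail2ban.actions        [1234]: NOTICE  [asterisk-iptables] Ban 203.0.113.7",
    "2023-05-01 14:00:01,106 fail2ban.actions        [1234]: NOTICE  [recidive] Ban 203.0.113.7",
    "2023-05-03 12:00:00,107 fail2ban.actions        [1234]: NOTICE  [apache-auth] Ban 198.51.100.9",
    "2023-05-03 18:00:00,108 fail2ban.actions        [1234]: NOTICE  [apache-auth] Ban 198.51.100.9",
]


def recidive_bans(log_lines, findtime=86400, maxretry=3, own_jail="recidive"):
    """Return {ip: timestamp} for addresses the recidive jail would ban.

    A ban line counts as one "failure" for its IP; only lines inside the
    trailing findtime window are kept; reaching maxretry triggers the ban.
    Lines from the recidive jail itself are skipped so it does not feed on
    its own bans, and an IP is reported once (it is already in the set).
    """
    window = timedelta(seconds=findtime)
    hits = defaultdict(list)
    banned = {}
    for line in log_lines:
        m = BAN_LINE.match(line)
        if not m or m.group("jail") == own_jail:
            continue  # not a Ban line ("Unban", other noise) or our own output
        ip = m.group("ip")
        if ip in banned:
            continue
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        # sliding window: forget bans older than findtime, then add this one
        hits[ip] = [t for t in hits[ip] if ts - t <= window] + [ts]
        if len(hits[ip]) >= maxretry:
            banned[ip] = m.group("ts")
    return banned


def ban_expires_at(banned_at, bantime):
    """Expiry timestamp for a ban, or None when bantime is negative (permanent)."""
    if bantime < 0:
        return None
    start = datetime.strptime(banned_at, TS_FORMAT)
    return (start + timedelta(seconds=bantime)).strftime(TS_FORMAT)


if __name__ == "__main__":
    print(RECIDIVE_JAIL_LOCAL)
    for ip, when in recidive_bans(SAMPLE_FAIL2BAN_LOG).items():
        print(f"{ip} permanently banned at {when}, expires: {ban_expires_at(when, -1)}")
    print("with findtime=1w:", sorted(recidive_bans(SAMPLE_FAIL2BAN_LOG, findtime=7 * 86400)))
```

With the 24-hour window only 203.0.113.7 qualifies; 198.51.100.9 never has three bans inside one window because its first ban has aged out by the time the later two arrive. Widening findtime to a week catches it too, which is the tuning trade-off dicko refers to: a longer window and lower maxretry make the permanent ban more aggressive, a shorter window makes it stricter about what counts as a repeat offender.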

Thanks, @dicko. I will try that.
