Resolved Use Fail2Ban IP's in Firewall Rules

[Ben Krause]

I have people beating up on my server all the time it seems. It happens so often now that I have setup Fail2Ban to block an IP for 7 days after one failed attempt for ftp/ssh/worpess etc. After a month I have 192 banned IP addresses.

I was wondering if there was a way to setup the firewall under plesk to ban those IP addresses from accessing the server at all? For example, the rule would be "block 'banned ip addresses' from accessing 'any service' on this server". This way if they try to ping the server or bring up a website that is hosted on the server, they would get no communication with the server until their IP was unbanned.

I just tested if this is a default already and it's not. I tried to login to a server ftp account with the wrong password and was banned. I then attempted to visit a website hosted on that same server on the same IP address and I was able to access it. What I'm looking for is that if I get banned because I gave a wrong ftp password, I would not be able to access website or any resources on that server from the same IP until it is unbanned.

Thanks in advance.

 

[Alberto Pizzarelli]

Hello,

What you are looking for you can get it just by setting the jails of each service, so that "block the ip on all ports, if that fails only on ftp", to consider, however, that the jail "recidive", blocks all Port for default:

[recidive]
enabled = true
filter = recidive
action = iptables-allports[name=recidive]
logpath = /var/log/fail2ban.log
maxretry = 5

 

[Ben Krause]

Thanks, that is exactly what I was looking for. I suppose if I had read the help I would have saw that recidive explanation right at the top of the jails section of the help manual. Thanks again.