I have a fail2ban instance that works well.
But I also like to occasionally examine the logs manually and try to
ID system probes that are working around my standard f2b
definitions. In these cases I will sometimes manually ban an IP for
a longer period.
What I'm looking for is how I can define a jail that will last an
extended period of time that I can manually use in a command like this:
fail2ban-client set $JAIL banip $IP
Can someone give me the syntax to specify a custom jail in the config
file that isn't really triggered from log files (or it could be a
standard jail that has some condition that might not make it actually
trigger), that I can use in a manual statement? What I want to do is
have a much longer ban time for manual bannings that I identify
personally while looking through logs. I also want the option of
specifying which ports to block.
I'm not well versed with the lower level IP blocking commands and
prefer to use f2b with its automated expiration.
Can anyone help?
1. Syntax for a jail config and filter that could be used for
command line banning that isn't triggered by another condition?
2. Details on how to specify in those configs, which ports are
blocked? Can I specify them by number?
3. Is there any way to block an entire class C or does f2b only work
on single IPs?
Thanks for any help!
- Mitch
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
