Fail2ban only picking up the first ignore IP

Today I had this problem where Fail2ban kept blacklisting an IP address, even though it was in the ignoreip list in /etc/fail2ban/jail.conf. After double-checking everything on the server, and googling desperately, I found out that up to version 0.8.2, Fail2ban had a bug which caused only the first IP in the ignoreip list to take effect. And guess what? Ubuntu versions before Gutsy have older versions of Fail2ban. After a bit of digging, I found the patch which had fixed the problem in 0.8.2, and I decided to patch my local Fail2ban installation.

In order to do this, you should edit /usr/share/fail2ban/server/filter.py and apply the following patch:

  1. --- filter.py.orig      2008-05-21 02:49:22.000000000 -0500
  2. +++ filter.py   2008-05-21 02:50:12.000000000 -0500
  3. @@ -299,7 +299,7 @@
  4.                 for i in self.__ignoreIpList:
  5.                         # An empty string is always false
  6.                         if i == "":
  7. -                               return False
  8. +                               continue
  9.                         s = i.split('/', 1)
  10.                         # IP address without CIDR mask
  11.                         if len(s) == 1:
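
Review bot: The comment "# An empty string is always false" above `if i == "":` no longer matches the code once the branch becomes `continue`. An empty entry is now skipped and the loop moves on to the next item, so nothing is returned for it. Suggest rewording the comment to say that empty entries are ignored, so a later reader does not "restore" the early return and reintroduce the bug where entries after an empty one are never checked.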
  12. @@ -314,7 +314,7 @@
  13.                                 if ip in ips:
  14.                                         return True
  15.                                 else:
  16. -                                       return False
  17. +                                       continue
  18.                         if a == b:
  19.                                 return True
  20.                 return False
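
Review bot: The `else:` / `continue` pair under `if ip in ips:` fixes the early exit, but nothing in the patch guards against a regression. Suggest adding a test that calls this check with an ignore list of several entries where the matching address is not the first one (including an empty entry and one that goes through the `ip in ips` branch) and asserts that it returns True, plus a case with no match that reaches the final `return False`. It is also worth stating in the commit message that `return False` after the loop is now the only "not ignored" exit, since that is the behaviour the two changed lines depend on.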

Then, you should restart Fail2ban:

/etc/init.d/fail2ban restart

And it will pick up the fix and process the ignoreip correctly.


Comments

thank you

Thank you!
I have been banned 2 times for 10 hours.

I hope your patch is reliable!
