Fail2ban only picking up the first ignore IP

Today I had this problem where Fail2ban was keeping on blacklisting an IP address, even though it was in the ignoreip list in /etc/fail2ban/jail.conf.  After double-checking everything on the server, and googling desperately, I found out that up to version 0.8.2, Fail2ban had a bug which caused only the first IP in the ignoreip list to take effect.  And guess what?  Ubuntu versions before gutsy have older versions of Fail2ban.  After a bit of digging, I found out the patch which had fixed the problem in 0.8.2, and I decided to patch my local Fail2ban installation.

In order to do this, you should edit /usr/share/fail2ban/server/filter.py and apply the following patch:

--- filter.py.orig 2008-05-21 02:49:22.000000000 -0500 +++ filter.py 2008-05-21 02:50:12.000000000 -0500 @@ -299,7 +299,7 @@ for i in self.__ignoreIpList: # An empty string is always false if i == "": - return False + continue s = i.split('/', 1) # IP address without CIDR mask if len(s) == 1: @@ -314,7 +314,7 @@ if ip in ips: return True else: - return False + continue if a == b: return True return False

Then, you should restart Fail2ban:

/etc/init.d/fail2ban restart

And it will pick up the fix and process the ignoreip correctly.

Posted in Blog Tagged with: ,