use failtoban to block an IP

Discussion in 'Installation/Configuration' started by Oitsuki, Feb 26, 2020.

  1. Oitsuki

    Oitsuki Member

    Hello,

    I need to block a IP or a specific ip or (range).
    Could you help me ?
    The ip I must block : 128.75.190.13
    As you can see I have the "same IP" on Chain INPUT (policy ACCEPT). Do not know if it's correct or not.

    How to do that ?
    Sorry but I am zero in that.
    Thank you.

    I tried to do that :
    Code:
     iptables -A INPUT -s 128.75.190.13 -j DROP
    Code:
     iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    DROP       all  --  128-75-189-174.broadband.corbina.ru  anywhere           
    f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
    DROP       all  --  128-75-190-13.broadband.corbina.ru  anywhere           
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination         
    REJECT     all  --  223-197-175-171.static.imsbiz.com  anywhere             reject-with icmp-port-unreachable
    REJECT     all  --  mail.jecjk.com       anywhere             reject-with icmp-port-unreachable
    REJECT     all  --  112.85.42.89         anywhere             reject-with icmp-port-unreachable
    REJECT     all  --  112.85.42.182        anywhere             reject-with icmp-port-unreachable
    REJECT     all  --  222.186.173.201      anywhere             reject-with icmp-port-unreachable
    REJECT     all  --  ec2-52-78-144-195.ap-northeast-2.compute.amazonaws.com  anywhere             reject-with icmp-port-unreachable
    REJECT     all  --  218.92.0.178         anywhere             reject-with icmp-port-unreachable
    REJECT     all  --  node-5xr.pool-182-52.dynamic.totinternet.net  anywhere             reject-with icmp-port-unreachable
    REJECT     all  --  218.92.0.165         anywhere             reject-with icmp-port-unreachable
    REJECT     all  --  222.186.175.181      anywhere             reject-with icmp-port-unreachable
    RETURN     all  --  anywhere             anywhere           
    
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    Per your INPUT chain, that appears to be done. Having it twice is redundant, but harmless.
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    According to topic you want to do the block with fail2ban. Read man page for fail2ban-client. It is done something like
    Code:
    fail2ban-client       set <JAIL> banip <IP>
                  manually Ban <IP> for <JAIL>
    
     

Share This Page