Configure fail2ban to use route instead of iptables to block connections
Fail2ban uses iptables by default to block incoming connections when they exceed the max. login retrys. The iptables rules used by fail2ban might conflict with the firewall rules, so it might be nescessary to reconfigure fail2ban to use the route command for blocking incoming connections.
To reconfigure fail2ban for using the route command instead of iptables, edit or create the route.conf file:
vi /etc/fail2ban/action.d/route.conf
And insert the following lines:
# Fail2Ban configuration file
[Definition]
actionban = ip route add unreachable <ip>
actionunban = ip route del unreachable <ip>
Then add or change the banaction in the jail.local file in the [DEFAULT] section to “route”:
vi /etc/fail2ban/jail.local
And add or edit these lines:
# Fail2Ban configuration file
[DEFAULT]
banaction = route
Thank you very much, I couldn’t use fail2ban cause my kernel isn’t compiled with multiport module, i.e.,
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set , so iptables doesn’t work right (chains are always empty) and I have no experiences with kernel compiling.
Your tip is very helpfull! Fail2ban works again.
I did this mod. Now when something is banned there is a fail2ban error saying ip returned 100. What does that mean?
Hi,
We are using centos 5 and ISPConfig 3.
I dont have jail.local file …
Can you please explain?
@Richard: see jail.conf
Worked for me – Thanks!