Client banned based on IP?

Sounds like you're on the right track now.

Can you whitelist an IP with fail2ban ?

Yes, I'm looking now for how to whitelist or unban, but also a question for me is what was the reason for the ban…
I have done nothing special, I was just using the system as a regular user.

Solved now using the fail2ban-client as described here

Thanks to all for taking care!

Thank you @Rokasan

Your question prompted me to check my /var/log/nginx/error.log

All the connection attempt activity there gives me cause for concern.

I need to do a security audit review and investigate my need for a proxy

Hi All,

I have the same problem, it’s for a client. It will occur like every 2-3 days, and the client’s IP will be blocked for about 10 mins.

I can solve it with iptables -F to flush all the -A rules to make the system back to work. But it will occur again definitely.

I checked web.error.log and noticed the worker keeps exiting and booting. I don’t know if this is normal?

I can flush the rules to remove the BAN or just wait a while, the ban will be released (Sometimes I didn’t do anything it will recover).

But it seems a bit annoying. I need to know what has caused the problem? How to avoid valid user IP banned by the f2b-NoNginxProxy?
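On the question of what caused a ban: fail2ban's own log answers it, because every "Ban" line is preceded by "Found" lines for the same address in the same jail. The following is an added example, not code from this thread or from Frappe, that counts those hits per ban. It assumes the usual fail2ban.log line layout; the jail name and addresses in the sample are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the usual fail2ban.log layout. The jail name and the
# addresses (RFC 5737 documentation ranges) are made up for illustration.
SAMPLE_LOG = """\
2024-03-01 09:00:01,101 fail2ban.filter  [812]: INFO    [nginx-proxy] Found 203.0.113.7 - 2024-03-01 09:00:01
2024-03-01 09:01:30,412 fail2ban.filter  [812]: INFO    [nginx-proxy] Found 198.51.100.20 - 2024-03-01 09:01:30
2024-03-01 09:02:10,020 fail2ban.filter  [812]: INFO    [nginx-proxy] Found 203.0.113.7 - 2024-03-01 09:02:10
2024-03-01 09:03:55,733 fail2ban.filter  [812]: INFO    [nginx-proxy] Found 203.0.113.7 - 2024-03-01 09:03:55
2024-03-01 09:04:40,250 fail2ban.filter  [812]: INFO    [nginx-proxy] Found 203.0.113.7 - 2024-03-01 09:04:40
2024-03-01 09:04:41,004 fail2ban.actions [812]: NOTICE  [nginx-proxy] Ban 203.0.113.7
2024-03-01 09:14:41,310 fail2ban.actions [812]: NOTICE  [nginx-proxy] Unban 203.0.113.7
"""

EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+"
    r"\w+\s+\[(?P<jail>[^\]]+)\]\s+(?P<event>Found|Ban|Unban)\s+(?P<ip>\S+)"
)

def explain_bans(log_text):
    """One record per Ban line: jail, IP, and the filter hits that led to it."""
    pending = defaultdict(list)  # (jail, ip) -> times of hits since the last ban
    bans = []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # startup messages, errors, other layouts
        key = (m["jail"], m["ip"])
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["event"] == "Found":
            pending[key].append(ts)
        elif m["event"] == "Ban":  # Unban lines match but need no bookkeeping
            hits = pending.pop(key, [])
            span = int((hits[-1] - hits[0]).total_seconds()) if hits else 0
            bans.append({"jail": key[0], "ip": key[1], "banned_at": ts,
                         "hits": len(hits), "span_seconds": span})
    return bans

if __name__ == "__main__":
    for b in explain_bans(SAMPLE_LOG):
        print(f"{b['banned_at']} [{b['jail']}] banned {b['ip']} after "
              f"{b['hits']} matched lines in {b['span_seconds']}s")
```

On a server, feed it the contents of /var/log/fail2ban.log (the default log target). The hit times show where to look in the log file the jail watches, which is where the requests that matched the filter are recorded.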

Hi All,

Just now I tried to add my client IP and my IP to the whitelist with the command fail2ban-client set JAIL_NAME addignoreip IP. To find your jail name, you can use the command fail2ban-client status.

To get the white list you can use command: fail2ban-client get JAIL_NAME ignoreip


Please let me know if I’m doing the right thing, many thanks!

If it helps you, I will be very happy!

3 Likes

Looks like fail2ban still bans POS connected to the server in offline mode.

One of my clients' IP was getting banned for some time. This was occurring every day.
I have added the static IP to the ignore list, will test it for a few days and get back to this thread.

Thanks for the guide.

This is helpful.

I added the static IPs to the whitelist but now one of the outlets doesn't have a static IP anymore, so I had to stop the fail2ban service.

Is there any way to make it less strict?

You could tweak the config of fail2ban yourself as this is just a standard install. Frappe haven’t done anything specific with this. But obviously if you reduce the IP checks you run the risk of security problems with possible attacks

Otherwise you could use a DNS service like the free noip.com on your pos terminal so that you have a standard DNS hostname instead of an IP that you base fail2ban rules on even with the IP changing at times.

Yes, I was thinking the same, to put DDNS, as I read about it in some other thread, but will have to set it up everywhere. Will try this method also, as I am not comfortable disabling the fail2ban service.

Tweaking will not help as it is again making the server vulnerable just like disabling the service.

I will try the DDNS and check how it goes.

Yes, using DDNS isn’t perfect as it can take say up to 30s to change over on the hostname.

But it can work and may be your best solution

Julian

I was thinking, how does fail2ban check that the IP coming from the POS is from the same DDNS added to the ignore list?

I was searching through the fail2ban service page, but I couldn't find the answer to this. By default it has a check on domain name?

I’m not sure. But basically you are checking only the hostname of course. The DDNS does all the work of keeping track of the IP changes against the fixed hostname.

Julian

Yes Dear I am aware of that, As we have many DDNS for our clients But I was concerned about the fail2ban side as how it will verify the hostname it the ip address.

Anyway, I have created a new DDNS hostname and updated the IP with an update client, and have now added this hostname to the fail2ban ignore list.

Let's see how accurately it works.

Hi @fkardame, did the DDNS solve your blocking issue?

Yes, it works fine. I created DDNS for client outlets and added them to the ignore list in fail2ban, and since then it doesn't block those DDNS IPs.

1 Like

This is very helpful but it is removed once the system is rebooted.

What can be done to keep the ignore ip always in the jail?

Can someone help?

@fkardame I faced this issue only 2 days ago and I resolved it by whitelisting my IP and adding ignoreip [my ip address] to jail.conf under the [default] section. I’ve rebooted my server twice since then and the ban hasn’t reoccurred.

Hi, were you able to fix this issue?
Which method did you use?
DDNS and fail2ban?

Any permanent solution you found?

@Ajithprakash
You can just add ignoreip in /etc/fail2ban/jail.conf

ignoreip= 8.8.8.8 172.168.151.4 43.55.32.10

After that restart the fail2ban service

sudo systemctl restart fail2ban