I was thinking how does the Fail2ban check the ip coming from the POS is from the same DDNS added to the ignore list??
I was searching through the fail2ban service page, but I couldnt find the answer to this. By Default it has a checik on domain name check ?
I’m not sure. But basically you are Chet only the hostname of course. The ddns does all the wot keeping track of the IP changes against the fixed hostname.
Yes Dear I am aware of that, As we have many DDNS for our clients But I was concerned about the fail2ban side as how it will verify the hostname it the ip address.
Anyways I have created a new DDNS Hostname and updated the IP with a update client now added this hostname to the fail2ban ignore list.
Lets see how accurate it can work.
the config of fail2ban yourself as this is just a standard install. Frappe haven’t done anything specific with this. But obviously if you reduce the IP checks you run the risk of security problems with possible attacks
Otherwise you could use a DNS servic
@fkardame, did the DDNS solve you blocking issue?
Yes, it works fine. I created DDNS for client outlets and added them to ignorelist in Fail2ban and since then it doesnt block those DDNS IP’s
This is very helpful but it is removed once system is rebooted.
What can be done to keep the ignore ip always in the jail?
Can someone help?
@fkardame I faced this issue only 2 days ago and I resolved it by whitelisting my IP and adding ignoreip [my ip address] to jail.conf under the [default] section. I’ve rebooted my server twice since then and the ban hasn’t reoccurred.
Hi did you able to fix this issue?
Which method used.
Ddns and fail2ban?
Any permanent solution you found?
You can just add ignoreip in /etc/fail2ban/jail.conf
ignoreip= 188.8.131.52 184.108.40.206 220.127.116.11
After that restart the fail2ban service
sudo systemctl restart fail2ban