fail2ban / fail2ban

Daemon to ban hosts that cause multiple authentication errors
http://www.fail2ban.org

[RFE]: add ip-api.com info to fail2ban.log for jail members #3790

Open IgorLytkin opened 3 months ago

IgorLytkin commented 3 months ago

Feature request type

Description

Considered alternatives

Any additional information

sebres commented 3 months ago

Geolocation? Just to link it to #3467 (not about ignore, but geo-info related stuff)...

In the meantime (as long as it's not implemented) one could try something like this:

{ jail="sshd"; curl 'http://ip-api.com/batch?fields=country' --data "$(fail2ban-client get "$jail" banned | tr "'" '"')"; }

However, it'd work only for a maximum of 100 IPs, otherwise it raises an error "HTTP 422 Unprocessable Entity", so one has to buffer them with max 100 IPs per chunk. Also note another restriction, related to their description (for free access):

Our endpoints are limited to 45 HTTP requests per minute from an IP address. If you go over this limit your requests will be throttled (HTTP 429) until your rate limit window is reset.

So an alternative could be an asynchronous service updating the tickets in the database (to avoid repeated bulk queries for already "known" IPs).
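Added example, not part of the thread and not fail2ban code: a sketch of the chunking and "known IP" caching described in the comment above, with at most 100 IPs per batch and requests paced to the quoted 45 per minute. The function names are hypothetical, the in-memory dict stands in for the database, and the `query` response field is an assumption about ip-api.com beyond what the one-liner shows.

```python
import ast
import json
import subprocess
import time
import urllib.request

# "query" (the looked-up IP) is requested so results can be keyed by address.
BATCH_URL = "http://ip-api.com/batch?fields=country,query"
MAX_PER_BATCH = 100      # larger batches are rejected with HTTP 422
MIN_INTERVAL = 60 / 45   # free access: 45 requests per minute per source IP

def banned_ips(jail):
    """Return a jail's banned IPs; fail2ban-client prints a Python-style list."""
    out = subprocess.run(["fail2ban-client", "get", jail, "banned"],
                         check=True, capture_output=True, text=True).stdout
    return ast.literal_eval(out.strip())

def chunks(items, size=MAX_PER_BATCH):
    """Yield consecutive slices of at most `size` items."""
    for i in range(0, len(items), size):
        yield items[i:i + size]

def http_batch(ips):
    """POST one batch (a JSON array of IPs) and return the decoded JSON reply."""
    req = urllib.request.Request(BATCH_URL, data=json.dumps(ips).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def lookup(ips, cache, fetch=http_batch, sleep=time.sleep):
    """Add ip -> country to `cache` for unseen IPs; return the requests made."""
    unknown = [ip for ip in dict.fromkeys(ips) if ip not in cache]
    requests = 0
    for batch in chunks(unknown):
        if requests:
            sleep(MIN_INTERVAL)  # pace calls so the limit is never exceeded
        for ip, row in zip(batch, fetch(batch)):
            # Failed lookups (e.g. private ranges) carry no country field.
            cache[row.get("query", ip)] = row.get("country", "unknown")
        requests += 1
    return requests

if __name__ == "__main__":
    cache = {}  # a persistent store would survive restarts
    lookup(banned_ips("sshd"), cache)
    for ip, country in sorted(cache.items()):
        print(ip, country)
```

Passing `fetch` and `sleep` as parameters lets the batching and cache logic be exercised without network access or a running fail2ban.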

IgorLytkin commented 3 months ago

Yes, it would be a nice solution.

IgorLytkin commented 2 months ago

So? Let's do it?

sebres commented 2 months ago

Let us define the order of RFEs regarding the precedence questions by ourselves, please. There are several other open tasks and feature requests with higher or same priority, that I'd like to implement before.

IgorLytkin commented 2 months ago

Yes, of course.