lelutin
commented
8 years ago hi there, thanks for your help with this module!
usedns: yes thanks :)
persistent bans are now builtin with 0.9.x releases with the use of sqlite3. see https://github.com/fail2ban/fail2ban/releases/tag/0.9.0 however, debian jessie still has 0.8.13, so I'll merge it in.
there are some minor details that I can fix on top of your commits:
- we should note in the README that "persistent_bans" is only useful for ppl still using the 0.8.x branch of fail2ban.
- README mentions "persistent_ban" while manifests use "peristent_bans", so this should be corrected
- we should enforce type for the two new variables (e.g. boolean for persistent_types, make sure that usedns is one of "yes", "warn", or "no")
however, the template file for the multiport action seem to differ from default file:
- chain prefix is f2b instead of fail2ban
- commands use
<iptables>instead of "iptables" - jessie default file also includes "before = iptables-blocktype.conf" instead of "iptables-common.con", but this might be different in other systems.
luisilva
Added the ability to set usedns to (yes, warn or no) and drop a template in for iptables-multiport.conf that adds 3 lines that allow you hold a persistent ban list. It appears this is the way most folks have been doing this.
RE: https://arno0x0x.wordpress.com/2015/12/30/fail2ban-permanent-persistent-bans/
It would be great if you merged this in. If you have any idea about better ways please feel free to let me know. Thanks, Lui