On 2016-11-12 13:30, Rodney Baker wrote:
On Wednesday, 9 November 2016 3:51:58 AM ACDT Carlos E. R. wrote:
On 2016-11-08 19:28, Greg Freemyer wrote:
On Tue, Nov 8, 2016 at 12:53 PM, Lew Wolfgang wrote:
On 11/08/2016 09:43 AM, John Andersen wrote:
Can't you add a FQDN to fail2ban instead of an IP?
...
In the fail2ban config on that server I have:
ignoreip = 1.2.3.4 where that would be my home IP.
The doubt is whether you could place there the DNS name of your home IP, not the IP itself.
I was thinking the same thing. If you use a dynamic DNS service for your home IP then you could use the FQDN of your home connection in the fail2ban config, if that is supported.
I do see an issue with that, though - every connection attempt would trigger a reverse DNS lookup to get the hostname associated with the source IP address, which would consume a lot of resources, both on the host running fail2ban and lots of unnecessary DNS requests (especially in the case of a botnet attack from lots of spoofed IP addresses).
Ah. Ok. Two solutions. One is running a local DNS cache, like dnsmasq.
It is possible that fail2ban doesn't accept names for that very reason. Then the trick is to edit that file with a cronjob that finds the current IP address of the home machine and updates the config if it changed.
-- 
Cheers / Saludos,
Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
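The cron-job approach from the last reply, as an added example that is not code from the thread: it resolves the home name once per run, validates the answer, and rewrites the `ignoreip` line only when the address changed. The host name, the `jail.local` path, the script path in the cron line, the function names and the retained `127.0.0.1/8` entry are all assumptions.

```shell
#!/bin/sh
# Added example: keep fail2ban's ignoreip in step with a dynamic-DNS home address.
# HOME_FQDN and JAIL_FILE are placeholders (assumptions), not values from the thread.
HOME_FQDN="home.example.org"
JAIL_FILE="/etc/fail2ban/jail.local"

# Accept only a dotted-quad IPv4 address with every octet in 0..255, so nothing
# else a DNS answer might carry is ever written into the config file.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# One lookup per cron run through the system resolver, not one per connection.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR==1 { print $1 }'
}

# Rewrite the first ignoreip line only when the address changed.
# Returns 0 = file updated, 1 = already current, 2 = input or file rejected.
update_ignoreip() {
    file=$1 new_ip=$2
    is_ipv4 "$new_ip" || return 2
    wanted="ignoreip = 127.0.0.1/8 $new_ip"   # loopback entry kept (assumption)
    grep -qxF "$wanted" "$file" && return 1
    grep -Eq '^[[:space:]]*ignoreip[[:space:]]*=' "$file" || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 2
    # Write to a temp file beside the original, then rename over it.
    awk -v line="$wanted" '
        !done && /^[ \t]*ignoreip[ \t]*=/ { print line; done = 1; next }
        { print }' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Cron entry point; inert unless called with --run. Hypothetical cron.d line:
#   */10 * * * * root /usr/local/sbin/f2b-home-ip --run
if [ "${1:-}" = "--run" ]; then
    ip=$(resolve_ipv4 "$HOME_FQDN")
    if update_ignoreip "$JAIL_FILE" "$ip"; then
        fail2ban-client reload
    fi
fi
```

A failed or empty lookup is rejected by `is_ipv4`, so the previous whitelist entry stays in place and fail2ban is not reloaded.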