1

Topic: When Using the Fail2Ban Unban add to whitelist

When using the Fail2Ban Unban option, could we add those IPs to a whitelist so they are ignored?

2

Re: When Using the Fail2Ban Unban add to whitelist

robertom wrote:

When using the Fail2Ban Unban option, could we add those IPs to a whitelist so they are ignored?

You mean permanently whitelist it?

----

Buy me a cup of coffee ($5) to support iRedMail:

3 (edited by iredmailtnt 2021-01-20 21:02:25)

Re: When Using the Fail2Ban Unban add to whitelist

ZhangHuangbin wrote:
robertom wrote:

When using the Fail2Ban Unban option, could we add those IPs to a whitelist so they are ignored?

You mean permanently whitelist it?

YES!! That would be great. Right now I still have to intervene if I have a problem with a particular client with many systems behind a single static IP address. This would allow self-serve for domain admins.

It would also be nice if it could be allowed for certain domain admins and not others. I can see this getting abused by domain admins who do not really understand what they are doing. I have some domain admins who actually understand these types of things and others who can/should only be able to add/remove users. Obviously global admins would be able to do everything.

In thinking about this a little more, it would be nice to be able to whitelist an IP temporarily. The use case is someone gets a new device that is behind a dynamic IP address. While they are getting things set up, fail2ban adds that IP to the blacklist, which sometimes generates multiple support calls until things are set up properly. I sometimes end up temporarily whitelisting an address so they can get back in service. If an IP address could be whitelisted for some short period of time, that would make things easier from an administrative standpoint. Maybe have a drop-down to allow a time to be selected, similar to the way things work when a user is deleted.

Regards,

Tom

4

Re: When Using the Fail2Ban Unban add to whitelist

Fail2ban supports reading (permanently) whitelisted IPs/networks from its config file, but not from a SQL db, so temporary whitelisting is not possible.

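The thread's two concerns, whitelist entries requested by admins of varying skill and entries that should lapse after a while, can be handled outside Fail2ban by validating requests and regenerating the config file it reads. The sketch below is an added example, not iRedMail or Fail2ban code: it renders Fail2ban's `ignoreip` option for a `jail.d` drop-in, and the function names, the prefix limits and the idea of a scheduled job that rewrites the file and reloads Fail2ban are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumption: networks broader than these prefixes are refused, so a single
# request cannot exempt a large address range from banning.
MIN_PREFIX = {4: 24, 6: 64}


def parse_entry(text):
    """Validate one requested IP or CIDR; return a network or raise ValueError."""
    net = ipaddress.ip_network(text.strip(), strict=False)
    if net.prefixlen < MIN_PREFIX[net.version]:
        raise ValueError(f"{net} is broader than /{MIN_PREFIX[net.version]}")
    if net.is_loopback or net.is_multicast or net.is_unspecified:
        raise ValueError(f"{net} is not a client address")
    return net


def active_entries(requests, now):
    """Split (text, expires_at or None) requests into kept networks and rejects."""
    kept, rejected = [], []
    for text, expires_at in requests:
        try:
            net = parse_entry(text)
        except ValueError as exc:
            rejected.append((text, str(exc)))
            continue
        if expires_at is not None and expires_at <= now:
            rejected.append((text, "expired"))
        elif net not in kept:
            kept.append(net)
    return kept, rejected


def render_dropin(networks):
    """Render the drop-in text; loopback is kept explicitly in the list."""
    items = ["127.0.0.1/8", "::1"] + [str(n) for n in networks]
    return "[DEFAULT]\nignoreip = " + " ".join(items) + "\n"


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    sample = [  # constructed requests using documentation address ranges
        ("203.0.113.7", None),                           # permanent entry
        ("198.51.100.0/24", now + timedelta(hours=2)),   # temporary entry
        ("192.0.2.10", now - timedelta(minutes=1)),      # already expired
        ("10.0.0.0/8", None),                            # too broad
    ]
    kept, rejected = active_entries(sample, now)
    print(render_dropin(kept), rejected)
```

Running the same job on a schedule drops expired entries the next time the file is regenerated; Fail2ban only sees the new list after it reloads its configuration.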