Fail2ban Module

SYSTEM INFORMATION
OS type and version: Ubuntu Linux 20.04.5
Webmin version: 2.001
Usermin version: 1.860
Virtualmin version: 7.5-1
Theme version: 20.02
Package updates: All installed packages are up to date

The fail2ban module could do with a little bit of a redesign, as in certain cases it is impossible to remove a ban/view IPs from a certain jail if you have over 15 entries in that jail.


This was not so bad when the iptables module was in the networking area (it’s now moved to unused), as it at least had pagination to view the extra IPs.

Is there a chance at some point to update the fail2ban module to have pagination?

@jimr1,

iptables is replaced by firewalld on most distros.

That doesn’t help much … I am aware that happened; I am stating that the current modules (fail2ban & perhaps the firewalld module)

@jimr1,

You mentioned you were looking for iptables which isn’t used by Ubuntu. I was pointing out it isn’t being used and was letting you know what to look for… Oh well.

No, they’re right, I don’t see any easy way to see all the rules fail2ban has generated. They’re not visible in the firewalld module, the fail2ban module doesn’t make it nice, and the iptables module shouldn’t generally be used on a firewalld system. So, it’s a "you can’t get there from here" situation. And, I get why that’d be frustrating.

I don’t have an immediate solution, but I’ll bring it up with @Jamie and @Ilia

I could add pagination to the long list of IPs in Fail2Ban.

2 Likes

@Joe,

Don’t they show under “Rich Rules”?

*** FirewallD def needs a lil love to expose more of its true power – ex…ipsets ***

Yes, it’s been a while since I needed to remove an IP from Fail2ban. But you would have to find the ipset and use the --get-entries to show the list of all the banned IPs.

@Joe @cyberndt @Ilia,

While I realize F2B adds a rule to the firewall, wouldn’t it make more sense to extend F2B module to list IP addresses it’s actively blocking? Then allow a user to “unblock” and/or “whitelist” an IP address from F2B since it could just issue the F2B command which unblocks an IP address and/or adds to the whitelist…

If you know the IP, there is already a command to remove it from within F2B with command lines.
Like I said, it’s been a while for me, but you can do a lot within F2B.

The rules fail2ban is adding aren’t really firewalld rules, they’re added to an ipset, which is…its own thing. Not listable in firewalld, as far as I know. But, it’s not really something I’ve looked too deeply at.

@Joe @Ilia @jimr1,

How about making a page inside F2B module which shows results of:

fail2ban-client banned

Then have an option to run:

fail2ban-client unban {ip_address}

and/or:

fail2ban-client set {jail} addignoreip {ip_address}

Heck, even there could be a page for ignored IPs which could have an option to “unignore” one or more IPs triggering:

fail2ban-client get {jail} ignoreip

Which would show list of ignored IPs for selected jail (which could be a dropdown at the top)

and:

fail2ban-client set {jail} delignoreip {ip_address}

Which would remove the IP address from the ignore list…

There are lots of “fail2ban-client” items that could be added to the GUI to sum it all up.

*** From what I can see on the CLI, many, if not all, of these commands issue clean, JSON-parsable data which would be easy to add to the GUI. ***

1 Like
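One way to build the paginated ban list and the unban action discussed in this thread, as an added example that is not from any poster and is not Webmin's code. It assumes `fail2ban-client banned` prints a list of one-key `{jail: [ips]}` mappings; the function names and the sample data are constructed for illustration.

```python
import ast
import ipaddress
import subprocess

PAGE_SIZE = 25  # the thread reports only the first 25 entries being visible

def parse_banned(output):
    """Turn `fail2ban-client banned` output into {jail: [ip, ...]}.

    Assumption: the output is a list of one-key mappings such as
    [{'sshd': ['198.51.100.1']}, {'postfix': []}].
    """
    jails = {}
    for entry in ast.literal_eval(output.strip()):
        for jail, ips in entry.items():
            # ip_address() raises ValueError on anything that is not an IP.
            addrs = {ipaddress.ip_address(ip) for ip in ips}
            ordered = sorted(addrs, key=lambda a: (a.version, int(a)))
            jails[jail] = [str(a) for a in ordered]
    return jails

def page(ips, number, size=PAGE_SIZE):
    """Return (entries on 1-based page `number`, total pages), clamping `number`."""
    total = max(1, -(-len(ips) // size))  # ceiling division
    number = min(max(number, 1), total)
    start = (number - 1) * size
    return ips[start:start + size], total

def unban_argv(ip):
    """Build an argv list (no shell) for the unban command from the thread."""
    addr = str(ipaddress.ip_address(ip))  # rejects options and shell syntax
    return ["fail2ban-client", "unban", addr]

def banned_from_system():
    """Query the local fail2ban server (needs root and a running fail2ban)."""
    result = subprocess.run(["fail2ban-client", "banned"],
                            capture_output=True, text=True, check=True)
    return parse_banned(result.stdout)

# Constructed sample: 40 bans in one jail, mixed IPv4/IPv6 in another.
SAMPLE = str([{"sshd": [f"198.51.100.{i}" for i in range(40, 0, -1)]},
              {"postfix": ["2001:db8::1", "203.0.113.7"]}])

if __name__ == "__main__":
    for jail, ips in parse_banned(SAMPLE).items():
        _, pages = page(ips, 1)
        for n in range(1, pages + 1):
            print(jail, f"page {n}/{pages}:", " ".join(page(ips, n)[0]))
```

Validating the address with `ipaddress` before building the argv means a value submitted from a web form can only ever reach `fail2ban-client` as a literal IP, never as an option or extra argument.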

@tpnsolutions @staff if you hover over an IP, the module allows you to remove the entry from the fail2ban jail, which is just what I need … the ability to see just the first 25 entries is an issue for me. But the extra commands could be useful.

@tpnsolutions

It does, but only the first 25.

Thanks for pointing this out. I have added it to my nearest Webmin todos, although not for the Webmin 2.011 release but rather 2.020.

Thanks @Ilia