Using fail2ban to manually block an ip for a specific time period

security iptables centos7 fail2ban

24,710

There is a fail2ban client:

# fail2ban-client set <JAIL> banip <IP>
# fail2ban-client set <JAIL> unbanip <IP>

Example:

# fail2ban-client set example banip 10.10.1.1
10.10.1.1

# fail2ban-client status example
Status for the jail: example
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 10
|  `- File list:    /var/log/example.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 2
   `- Banned IP list:   10.10.1.1

# fail2ban-client set example unbanip 10.10.1.1
10.10.1.1

# fail2ban-client status example
Status for the jail: example
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 10
|  `- File list:    /var/log/example.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 2
   `- Banned IP list:

24,710

Trent Three

Updated on September 18, 2022

Comments

Trent Three over 1 year

I'm noticing that brute force password crackers are becoming more sophisticated, learning the rate at which their IPs get banned, and slowing their intrusion attempts so as to not be caught by fail2ban. I'd like a way to be able to manually add IPs to the banlist in Fail2Ban that will be un-banned in a specific time period (but perhaps longer than the usual time). Is there a manual command-line way to tell fail2ban to block a certain ip/range and then have it later un-ban it after a period of time? This is under CentOS7
Trent Three almost 7 years

Is there a way to define a time period for an automatic unban, or do I have to manually unban the IP?
timmanna almost 7 years

It will be ban for the bantime set for your jail.
Trent Three almost 7 years

Does this appear the proper way to do this? Let's say I want a manual ban to last 12 days. I edit jail.local and add this: # custom jails [manban] bantime = 1036800 enabled=true and then execute this command: fail2ban-client set manban 1.2.3.4 and this would ban that ip for 12 days?