Difference between revisions of "Whitelist"

From Fail2ban
(New page: Whitelisting Whitelisting of a single host for, lets say, courier-auth is NOT possible! and thats very bad ... and the README / Howto to whitelisting is very poor - and thats even worse ...)
 
(Added config demonstrating CIDR ranges for all private networks.)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Whitelisting  
+
=== Whitelisting ===
  
Whitelisting of a single host for, lets say, courier-auth is NOT possible! and thats very bad ... and the README / Howto to whitelisting is very poor - and thats even worse ...
+
Whitelisting is setup in the jail.conf file using a space separated list.
  
I tried it with:
+
<pre>[DEFAULT]
 +
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not                         
 +
# ban a host which matches an address in this list. Several addresses can be                           
 +
# defined using space separator.
 +
                                                                       
 +
ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8
 +
</pre>
  
1) /etc/fail2ban/jail.conf:
+
<pre>
 
+
# This will ignore connection coming from common private networks.
[DEFAULT]
+
# Note that local connections can come from other than just 127.0.0.1, so
 
+
# this needs CIDR range too.
ignoreip = 127.0.0.1, 82.198.214.113
+
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
 
+
</pre>
= no success
 
 
 
global_whitelist = /etc/fail2ban/whitelist.txt
 
 
 
= no success
 
 
 
 
 
2) /etc/fail2ban/jail.local:
 
 
 
[DEFAULT]
 
 
 
ignoreip = 127.0.0.1, 82.198.214.113
 
 
 
= no success
 
 
 
3) /etc/fail2ban/fai2ban.conf:
 
 
 
[Definition]
 
 
 
ignoreip = 127.0.0.1, 82.198.214.113
 
 
 
= no success
 
 
 
Finally, I tried to set a "ignoreip"-Line in /etc/filter.d/courierauth, but with no success :-(
 
 
 
As far as I can see, there is no simple solution to whitelist single hosts (or networks?).
 
 
 
 
 
At the moment, we have de-activated fai2ban on our mailserver.
 
 
 
 
 
Greetings
 
 
 
 
 
Lars Behrens
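
Review bot: the added <pre> block assigns ignoreip twice under a single [DEFAULT] header ("ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8" and "ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"), and two assignments to the same key in one section are not merged, so a reader who copies the block verbatim does not get both lists. Present the two lines as alternatives, or put them in separate blocks. The removed report used a comma-separated value ("ignoreip = 127.0.0.1, 82.198.214.113") while the new text says the list is space separated, so the page should name that difference explicitly rather than leave readers to infer it. The private-network line also exempts every host in 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 from banning, so a sentence advising readers to narrow it to the ranges actually in use belongs next to it.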
 

Latest revision as of 13:04, 25 May 2010

Whitelisting

Whitelisting is set up in the jail.conf file using a space-separated list.

<pre>
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.

ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8

# Alternative (keep only one ignoreip line per section):
# This will ignore connections coming from common private networks.
# Note that local connections can come from addresses other than just
# 127.0.0.1, so loopback needs a CIDR range too.
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
</pre>
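
The following check is an added example, not Fail2ban's own code: it parses an ignoreip value in the space-separated format described above and tests which source addresses each list on this page would exempt from banning. The function names parse_ignoreip and is_ignored are hypothetical, DNS names are classified but not resolved, and flagging entries that contain a comma is an assumption based on the page's statement that the list is space separated.

```python
import ipaddress

def parse_ignoreip(value):
    """Classify the entries of one ignoreip value.

    Returns (networks, hostnames, rejected)."""
    networks, hostnames, rejected = [], [], []
    for entry in value.split():            # the page: space-separated list
        if "," in entry:
            rejected.append(entry)         # list was written with commas
            continue
        try:
            # A bare address becomes a single-host network (/32 or /128).
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Not an IP or CIDR: treat as a DNS name only if it has letters.
            looks_like_name = any(c.isalpha() for c in entry)
            (hostnames if looks_like_name else rejected).append(entry)
    return networks, hostnames, rejected

def is_ignored(addr, networks):
    """True if addr falls inside any of the parsed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

# ignoreip values as they appear on this page
SINGLE_HOSTS = "127.0.0.1 192.168.1.0/24 8.8.8.8"
PRIVATE_NETS = "127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
COMMA_LIST = "127.0.0.1, 82.198.214.113"

# Constructed probe addresses for the demonstration
PROBES = ["127.0.0.1", "127.0.0.2", "192.168.1.77", "172.32.0.1"]

if __name__ == "__main__":
    for label, value in [("single hosts", SINGLE_HOSTS),
                         ("private nets", PRIVATE_NETS),
                         ("comma list", COMMA_LIST)]:
        nets, hosts, bad = parse_ignoreip(value)
        print(f"{label}: rejected={bad} hostnames={hosts}")
        for probe in PROBES:
            print(f"  {probe:15} ignored={is_ignored(probe, nets)}")
```

With the first list, 127.0.0.2 is not exempt although 127.0.0.1 is, which is the case the 127.0.0.0/8 entry in the second list covers.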