Difference between revisions of "Whitelist"

From Fail2ban
(Added config demonstrating CIDR ranges for all private networks.)
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
'''Whitelisting'''
+
=== Whitelisting ===
  
Whitelisting of a single host for, lets say, courier-auth is NOT possible! and thats very bad ... and the README / Howto to whitelisting is very poor - and thats even worse ...
+
Whitelisting is setup in the jail.conf file using a space separated list.
  
The serversystem is Debian Etch, fail2ban according to apt-cache show:
+
<pre>[DEFAULT]
 +
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not                         
 +
# ban a host which matches an address in this list. Several addresses can be                           
 +
# defined using space separator.
 +
                                                                       
 +
ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8
 +
</pre>
  
 
+
<pre>
 
+
# This will ignore connection coming from common private networks.
I tried it with:
+
# Note that local connections can come from other than just 127.0.0.1, so
 
+
# this needs CIDR range too.
1) /etc/fail2ban/jail.conf:
+
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
 
+
</pre>
[DEFAULT]
 
 
 
ignoreip = 127.0.0.1, 82.198.214.113
 
 
 
= no success
 
 
 
global_whitelist = /etc/fail2ban/whitelist.txt
 
 
 
= no success
 
 
 
 
 
2) /etc/fail2ban/jail.local:
 
 
 
[DEFAULT]
 
 
 
ignoreip = 127.0.0.1, 82.198.214.113
 
 
 
= no success
 
 
 
3) /etc/fail2ban/fai2ban.conf:
 
 
 
[Definition]
 
 
 
ignoreip = 127.0.0.1, 82.198.214.113
 
 
 
= no success
 
 
 
Finally, I tried to set a "ignoreip"-Line in /etc/filter.d/courierauth, but with no success :-(
 
 
 
As far as I can see, there is no simple solution to whitelist single hosts (or networks?).
 
 
 
 
 
At the moment, we have de-activated fai2ban on our mailserver.
 
 
 
 
 
Greetings
 
 
 
 
 
Lars Behrens
 

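Review bot: the second added <pre> block carries no [DEFAULT] header and assigns ignoreip a second time, so a reader who pastes both blocks into jail.conf ends up with two ignoreip lines in one section; say that the two lines are alternatives, or merge them into a single list. The added sentence says the list is space separated, while the removed report used "ignoreip = 127.0.0.1, 82.198.214.113" with a comma; stating that difference explicitly would answer the report rather than only delete it. The new text also names only jail.conf, where the report tried jail.local and other files too, so one sentence on where ignoreip is read from would help. The private-range line exempts every host in 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 from banning, so add a remark that it should be narrowed to the networks actually trusted.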
Latest revision as of 13:04, 25 May 2010

Whitelisting

Whitelisting is set up in the jail.conf file using a space-separated list.

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.

ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8

# This will ignore connections coming from common private networks.
# Note that local connections can come from other than just 127.0.0.1, so
# this needs CIDR range too.
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
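
A small linter for an ignoreip value, added here as an example (it is not part of the wiki page and not Fail2ban's own parser). It splits the value on whitespace as described above, reports tokens that do not fit that form, and shows why 127.0.0.1 alone does not cover the rest of the loopback range. The function names, the comma sample and the host-name heuristic are assumptions.

```python
import ipaddress
import re

# Values copied from the page's two examples.
PAGE_SINGLE = "127.0.0.1 192.168.1.0/24 8.8.8.8"
PAGE_PRIVATE = "127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
# Constructed sample: the same kind of list written with a comma.
COMMA_FORM = "127.0.0.1, 192.168.1.0/24"


def lint_ignoreip(value):
    """Split on whitespace; return (networks, hostnames, problems)."""
    networks, hostnames, problems = [], [], []
    for token in value.split():
        if "," in token:
            problems.append(f"{token}: comma found, expected a space separator")
            continue
        try:
            # strict=False also accepts entries with host bits set (192.168.1.5/24).
            networks.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            if re.fullmatch(r"[0-9./]+", token):
                problems.append(f"{token}: not a valid address or CIDR range")
            else:
                hostnames.append(token)  # DNS host; not resolved here (offline)
    return networks, hostnames, problems


def is_covered(addr, value):
    """True if addr lies inside any IP/CIDR entry of the ignoreip value."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in lint_ignoreip(value)[0])


if __name__ == "__main__":
    for label, value in [("single", PAGE_SINGLE), ("private", PAGE_PRIVATE),
                         ("comma", COMMA_FORM)]:
        nets, hosts, problems = lint_ignoreip(value)
        print(label, [str(n) for n in nets], hosts, problems)
    # Loopback is a whole /8: 127.0.0.2 is only covered by the CIDR form.
    print(is_covered("127.0.0.2", PAGE_SINGLE), is_covered("127.0.0.2", PAGE_PRIVATE))
```

Running such a check over a jail file before a reload shows which entries would be read as networks and which addresses they actually exempt from banning.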