Whitelist in fail2ban and denyhosts

All SysAdminMan servers come with fail2ban and denyhosts installed. These are two software packages that do similar things so can be confusing.
Here are the differences –

fail2ban
monitors Asterisk logs for failed ‘Register’ attempts and blocks the IP using IPTables. This means if you get yourself blocked it will appear as though the server has gone down

denyhosts
monitors /var/log/secure for failed SSH attempts and just blocks the IP for SSH access. You will get connection refused just for SSH if you get yourself blocked

It’s possible to whitelist your own IPs so that they don’t get accidentally blocked by following the instructions below.

You should replace 123.123.123.123 with your own IP –

export ignoreip="123.123.123.123"

sed -i "s/ignoreip = /ignoreip = $ignoreip /" /etc/fail2ban/jail.conf
service fail2ban restart

echo "sshd: $ignoreip" >> /etc/hosts.allow
service denyhosts restart

3 thoughts on “Whitelist in fail2ban and denyhosts

  1. Krystyna

    Would it be possible to put this into a bash script and then run it whenever an ip address is blocked?

Comments are closed.