
I have been using fail2ban for years, it works nicely, and I would like to automate and harden the security of my router.

So I would like fail2ban to create a local file, for example list.txt, with a list of banned IP addresses.

Something similar to this: https://sslbl.abuse.ch/blacklist/sslipblacklist.txt

So I could share it on a webpage. My router is set up to import blocked IPs from such sources.

So how could I manage to do something like that? Any ideas?

Johnny
  • 29

2 Answers


Yes, you can for example add a function to an existing "action" located in /etc/fail2ban/action.d/; in my case I just added it into the "iptables-multiport.conf" file.

actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
                echo '<ip>' >> /path/to/file/ips.txt
Orphans
  • 1,474

Orphan's answer is correct, but I will try to explain a little bit more.

First, you should check which jail you are interested in, and then check which actionban is associated with that jail.

The actionban parameter can be traced in the config files of Fail2ban, but this is not necessarily straightforward. Take, for example, the following configuration in /etc/fail2ban/jail.local:

[DEFAULT]
backend = auto
banaction = iptables-multiport
bantime = 1h

[sshd]
enabled = true
logpath = %(sshd_log)s
maxretry = 3
port = 22

For the sshd jail, no banaction is directly defined, so the default banaction = iptables-multiport is taken. Therefore, we should look into the /etc/fail2ban/action.d/iptables-multiport.conf config file. If an actionban is not explicitly defined there, then we should check which file it refers to. In this example, the iptables-multiport config file includes:

[INCLUDES]

before = iptables.conf

This points to /etc/fail2ban/action.d/iptables.conf, where we can finally find a definition for actionban:

actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>

Now, following Orphan's answer, it is possible to modify the ban action on this line, adding a custom command:

actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
            echo '<ip>'  >> /path/to/file/ips.txt

Finally, the Fail2ban client should be reloaded in order to apply the changes:

fail2ban-client reload
jolnez
  • 1
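As an added example (not code from either answer above), here is a POSIX shell script that the actionban line shown in both answers could call instead of a bare echo: it validates the `<ip>` that fail2ban substitutes, keeps the list deduplicated, and also removes the address from actionunban so the router stops blocking it once the ban expires. The script name, the list path and the F2B_LIST variable are assumptions.

```shell
#!/bin/sh
# Added example: maintain a one-IP-per-line blocklist for fail2ban to call.
# Assumed path; override with F2B_LIST=/path/to/list.txt.
set -eu

LIST="${F2B_LIST:-/var/lib/fail2ban/banned-ips.txt}"

# Accept only an IPv4/IPv6 literal so a malformed <ip> can neither
# inject shell syntax nor write arbitrary text into the published list.
valid_ip() {
    case "$1" in
        *[!0-9a-fA-F:.]*|"") return 1 ;;
        *) return 0 ;;
    esac
}

# actionban: append the IP unless it is already listed.
blocklist_ban() {
    valid_ip "$1" || return 1
    if ! grep -qxF -- "$1" "$LIST" 2>/dev/null; then
        printf '%s\n' "$1" >> "$LIST"
    fi
}

# actionunban: drop the IP, rewriting the file atomically so a
# router fetching the list never sees a half-written file.
blocklist_unban() {
    valid_ip "$1" || return 1
    [ -f "$LIST" ] || return 0
    tmp="$LIST.tmp.$$"
    grep -vxF -- "$1" "$LIST" > "$tmp" || true   # grep exits 1 when list becomes empty
    mv -f "$tmp" "$LIST"
}

# Wire-up in the action file (assumed install path):
#   actionban   = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
#                 /usr/local/bin/f2b-blocklist.sh ban <ip>
#   actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
#                 /usr/local/bin/f2b-blocklist.sh unban <ip>
blocklist_main() {
    case "${1:-}" in
        ban)   blocklist_ban "${2:-}" ;;
        unban) blocklist_unban "${2:-}" ;;
        *)     echo "usage: $0 ban|unban <ip>" >&2; return 2 ;;
    esac
}

# Only dispatch when invoked with arguments (lets the file be sourced for testing).
if [ $# -gt 0 ]; then blocklist_main "$@"; fi
```

Serve the resulting file from a web root your router can reach; the list stays one plain address per line, the same shape as the abuse.ch example linked in the question.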