
Fail2ban Whitelist IPs

Submitted by on December 2, 2014 – 9:16 pm

Fail2ban is an excellent security tool that does a good job of safeguarding your server. However, you may run into two issues when using it: friendly fire (banning your own addresses) and the inability to permanently ban hostile networks. I already discussed the latter issue in some detail here. To deal with the former, you need to whitelist friendly IPs and/or networks.

The configuration file in question (on Fedora, CentOS, RHEL) is /etc/fail2ban/jail.conf. Locate the line starting with "ignoreip"; if there is no such line, add one. It should look something like this:

ignoreip = 168.192.0.0/24 172.32.10.5 165.135.114.0/24

You can specify individual IPs or networks using CIDR notation. After making changes, save the file and restart fail2ban (i.e. “service fail2ban restart”). This should help you avoid locking yourself out by accident.
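Before restarting, it is worth confirming that the address you administer from is actually covered by the new ignoreip line. The following Python sketch is an added example, not part of the original article or of fail2ban itself; the sample file contents and the admin addresses it tests are constructed for illustration.

```python
import configparser
import ipaddress
import re

# Constructed sample file; the ignoreip value is the one shown in the article.
SAMPLE_JAIL_CONF = """\
[DEFAULT]
ignoreip = 168.192.0.0/24 172.32.10.5 165.135.114.0/24
bantime = 600
"""


def load_ignoreip(conf_text):
    """Return the ignoreip entries of the [DEFAULT] section as a list of strings."""
    cp = configparser.ConfigParser(interpolation=None)  # leave %(...)s untouched
    cp.read_string(conf_text)
    raw = cp.defaults().get("ignoreip", "")
    # Entries may be separated by spaces and/or commas, possibly over several lines.
    return [tok for tok in re.split(r"[\s,]+", raw) if tok]


def check_entries(entries):
    """Parse each entry; return (networks, problems) where problems is (entry, reason)."""
    networks, problems = [], []
    for entry in entries:
        try:
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            # This script's own check: strict=True flags host bits set (10.1.2.3/24)
            # as a likely typo. Hostnames also end up here; they cannot be checked offline.
            problems.append((entry, str(exc)))
    return networks, problems


def is_whitelisted(ip, networks):
    """True if ip falls inside at least one whitelisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets, problems = check_entries(load_ignoreip(SAMPLE_JAIL_CONF))
    for entry, why in problems:
        print(f"REVIEW   {entry}: {why}")
    # Hypothetical addresses an admin might connect from.
    for ip in ("168.192.0.77", "172.32.10.5", "172.32.10.6", "192.168.0.10"):
        print(f"{ip:15} {'whitelisted' if is_whitelisted(ip, nets) else 'NOT whitelisted'}")
```

With the sample line, 172.32.10.6 and 192.168.0.10 are reported as not whitelisted: a single IP covers only itself, and the first entry is 168.192.0.0/24, not 192.168.0.0/24.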
