Hi, I've configured fail2ban with action, filter for my php application.
My app output log like this:
unknown user foo (192.x.x.x)
My jail conf:
[php-app-login]
enabled = true
port = 80
protocol = tcp
filter = php-app-login
logpath = /var/www/php-app-login/var/logs/dev.log
findtime = 3600
bantime = 86400
maxretry = 3
ignoreip = 127.0.0.1/8
My filter definition:
[Definition]
failregex = unknown user .* \(<HOST>\)
ignoreregex =
It works well, but I like fail2ban add comment in iptables rule when add ban IP.
For example:
iptables -A INPUT -p tcp --dport 80 -m comment --comment "Ban foo" -j DROP
iptables -L -n -v
Chain INPUT (policy ACCEPT 94 packets, 23457 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 /* Ban foo */
I've googled and I think something needs to be changed in action but I
can't find how to pass the user variable to that action.
