Score:1

How to set up fail2ban with UFW on Ubuntu 20.04?


I'm trying to block IP addresses with fail2ban and ufw with the following configuration and the default ufw.conf in /etc/fail2ban/action.d.

Jail config

[app-custom]
enabled = true
maxretry = 1
journalmatch =
backend = polling
logpath = %(log_path)s
findtime = 120
bantime = -1
banaction = ufw[application=$(app), blocktype=reject]

ufw config

[Definition]
# Every fail2ban action file starts with the [Definition] section; the stock
# action.d/ufw.conf has it, the copy above just omitted it.

actionstart =

actionstop =

actioncheck =

actionban = [ -n "<application>" ] && app="app <application>"
            ufw insert <insertpos> <blocktype> from <ip> to <destination> $app

actionunban = [ -n "<application>" ] && app="app <application>"
              ufw delete <blocktype> from <ip> to <destination> $app

[Init]
# Option: insertpos
# Notes.:  The position number in the firewall list to insert the block rule
insertpos = 1

# Option: blocktype
# Notes.: reject or deny
blocktype = reject

# Option: destination
# Notes.: The destination address to block in the ufw rule
destination = any

# Option: application
# Notes.: application from sudo ufw app list
application =

# DEV NOTES:
# 
# Author: Guilhem Lettron
# Enhancements: Daniel Black

For now, everything seems to be correctly set up because I receive fail2ban notifications about banned IPs, but I don't see any banned IP addresses in ufw status.

How can I make fail2ban work with ufw to block IP addresses correctly?

Thank you

sebres:
1. Take a look at fail2ban.log for some errors. 2. I guess specifying `application=$(app)` as a parameter for the action is not correct; you have to either use a real application (known by ufw) or remove it / set it to an empty value.
Yohan W. Dunon:
@sebres the `fail2ban.log` said nothing about my issue, but your second point was the solution. I've edited my question with the working solution to my problem. Thanks!
djdomi:
@dunon wrong way, please remove the solution and ANSWER your question yourself, or tell Sebres to do it for you so he gets some points - else the question will be unanswered FOREVER!
Yohan W. Dunon:
@djdomi my bad, I saw the button "Answer Your Question" so I thought I could simply edit my question and leave it open for others. This way they can still share their point of view or working solutions. Plus you can still copy-paste the solution as an answer if you think it's the wrong way.
Score:1

As @sebres pointed out in his comment,

  1. I guess specifying application=$(app) as a parameter for the action is not correct; you have to either use a real application (known by ufw) or remove it / set it to an empty value

the solution was to remove this part:

[application=$(app), blocktype=reject]

that follows `banaction = ufw` in the jail config.

Now ufw blocks all the undesirable IP addresses.

Here is the kicker:

[app-custom]
enabled = true
maxretry = 1
journalmatch =
backend = polling
logpath = %(log_path)s
findtime = 120
bantime = -1
banaction = ufw

I hope this will help.

djdomi:
Remember to accept the answer.
Score:1

I have been suffering from the same problem. Your code actually worked for me after adding

banaction = ufw[application=$(app), blocktype=reject]

so my final jail.local looks like this

...
[apache-auth]
enabled  = true
port = http, https
logpath  = /var/log/apache2/error.log
banaction   = ufw[application=$(app), blocktype=reject]
bantime = 100h
maxretry = 2
ignoreip = 192.168.0.101
ignoreself = true
...
mangohost
