diff --git a/docs/content/config/security/fail2ban.md b/docs/content/config/security/fail2ban.md index 8efb2fca..264c7091 100644 --- a/docs/content/config/security/fail2ban.md +++ b/docs/content/config/security/fail2ban.md @@ -78,7 +78,7 @@ This following configuration files inside the `docker-data/dms/config/` volume w [github-file-f2bjail]: https://github.com/docker-mailserver/docker-mailserver/blob/master/config-examples/fail2ban-jail.cf [github-file-f2bconfig]: https://github.com/docker-mailserver/docker-mailserver/blob/master/config-examples/fail2ban-fail2ban.cf -### Viewing All Bans +### Viewing All Bans and Ignores When just running @@ -86,7 +86,7 @@ When just running setup fail2ban ``` -the script will show all banned IP addresses. +the script will show all banned and ignored IP addresses. To get a more detailed `status` view, run @@ -102,6 +102,14 @@ You can manage F2B with the `setup` script. The usage looks like this: docker exec setup fail2ban [ ] ``` +### Managing Ignores + +If there are IPs or IP ranges you wish for fail2ban (never ban) this can be done like so: + +```bash +docker exec setup fail2ban [ ] +``` + ### Viewing the Log File ```bash diff --git a/target/bin/fail2ban b/target/bin/fail2ban index 769fab5f..3e0660a4 100755 --- a/target/bin/fail2ban +++ b/target/bin/fail2ban @@ -21,6 +21,7 @@ done if [[ -z ${1} ]]; then IPS_BANNED=0 + IPS_IGNORED=0 for JAIL in "${JAILS[@]}"; do BANNED_IPS=$(fail2ban-client status "${JAIL}" | grep -oP '(?<=Banned IP list:\s).+') @@ -29,9 +30,16 @@ if [[ -z ${1} ]]; then echo "Banned in ${JAIL}: ${BANNED_IPS}" IPS_BANNED=1 fi + IGNORED_IPS=$(fail2ban-client get "${JAIL}" ignoreip | grep -oP '(?<=[|`]-\s).+') + + if [[ -n ${IGNORED_IPS} ]]; then + echo "Ignored in ${JAIL}: ${IGNORED_IPS}" + IPS_IGNORED=1 + fi done [[ ${IPS_BANNED} -eq 0 ]] && _log 'info' "No IPs have been banned" + [[ ${IPS_IGNORED} -eq 0 ]] && _log 'info' "No IPs are ignored" else case "${1}" in