Permanent ban with Fail2ban


2012-11-20

If you are banning IP addresses using Fail2ban, there is little need to unban them (unless you ban yourself accidentally). So I always set my ban time to infinite:

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1/8 yourip anotheripyouuse
bantime  = -1
maxretry = 3

The key here was to set bantime to a negative number. You might be interested in my post on parsing Fail2ban logs.
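With a permanent ban, the accidental self-ban mentioned above never expires on its own, so it is worth checking the config before reloading Fail2ban. The following is an added example, not part of the original post: it parses a constructed `[DEFAULT]` section and reports whether `bantime` is negative and which admin addresses no literal `ignoreip` entry covers. The function name, the sample addresses (documentation ranges) and the hostname are assumptions.

```python
import configparser
import ipaddress

# Constructed sample jail.local; addresses are from documentation ranges.
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1/8 203.0.113.10 198.51.100.0/24 admin.example.org
bantime  = -1
maxretry = 3
"""


def check_permanent_ban_config(text, admin_ips):
    """Return (permanent, uncovered, hostnames) for the [DEFAULT] section.

    permanent: True when bantime is a negative integer.
    uncovered: admin IPs that no literal ignoreip entry matches.
    hostnames: ignoreip entries that are not IPs/CIDRs (not resolved here).
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    defaults = parser.defaults()

    try:
        permanent = int(defaults.get("bantime", "").strip()) < 0
    except ValueError:
        permanent = False  # missing or non-integer value: not treated as permanent

    networks, hostnames = [], []
    # Tolerate commas as well as spaces between entries.
    for entry in defaults.get("ignoreip", "").replace(",", " ").split():
        try:
            # strict=False accepts host bits, e.g. 127.0.0.1/8 -> 127.0.0.0/8
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            hostnames.append(entry)  # DNS host: needs a manual check

    uncovered = []
    for ip in admin_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr.version == n.version and addr in n for n in networks):
            uncovered.append(ip)
    return permanent, uncovered, hostnames


if __name__ == "__main__":
    print(check_permanent_ban_config(SAMPLE_JAIL_LOCAL, ["203.0.113.10", "192.0.2.7"]))
```

Any address returned in `uncovered` while `permanent` is true is one that could be locked out with no expiry; hostnames are reported separately because this check does not resolve DNS.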