Firewall
Fail2ban Blocklist Tutorial
Combine Fail2ban with AntiProxies static blocklists to proactively ban known VPN, proxy and Tor IPs before they even attempt a request, at the system firewall level.
Steps
1. Install Fail2ban
   Install Fail2ban with apt install fail2ban or yum install fail2ban. It uses iptables/nftables under the hood.

2. Create a custom jail
   Add a jail configuration that loads a static ban file rather than watching log files. Fail2ban can ban IPs via its action mechanism even without log parsing.

3. Write an action file
   Create a custom action that reads from the AntiProxies blocklist and uses iptables to block each IP.
Need the blocklist files?
Download free sample data or subscribe for daily-updated lists.
Custom jail config

Fail2ban jail that loads a static IP ban list on startup.

[antiproxies]
enabled = true
# Fail2ban resolves this name to /etc/fail2ban/filter.d/antiproxies.conf, which must exist for the jail to start
filter = antiproxies
action = antiproxies-blocklist
logpath = /etc/fail2ban/blocklists/blocked_ips.txt
maxretry = 1
findtime = 86400
bantime = -1

Custom action file

Action that creates an iptables chain for AntiProxies bans. Save it as /etc/fail2ban/action.d/antiproxies-blocklist.conf so the jail's action = antiproxies-blocklist line resolves to it.

[Definition]
actionstart = iptables -N f2b-antiproxies
              iptables -A INPUT -j f2b-antiproxies
              # Pre-load all IPs from the blocklist; skip blank lines and '#' comments
              while IFS= read -r ip; do
                  case "$ip" in ""|"#"*) continue ;; esac
                  iptables -A f2b-antiproxies -s "$ip" -j DROP
              done < /etc/fail2ban/blocklists/blocked_ips.txt
actionstop = iptables -D INPUT -j f2b-antiproxies
             iptables -F f2b-antiproxies
             iptables -X f2b-antiproxies
actionban = iptables -I f2b-antiproxies -s <ip> -j DROP
actionunban = iptables -D f2b-antiproxies -s <ip> -j DROP

Frequently asked questions
- What is the difference between Fail2ban and ipset for this use case?
- Does bantime = -1 mean permanent ban?
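The actionstart loop in the action file hands every non-comment line of blocked_ips.txt straight to iptables. As an added example (not AntiProxies' or Fail2ban's code), this POSIX shell script validates and deduplicates the entries first, using a constructed sample in the same one-address-per-line format, and renders the iptables rules it would apply so they can be reviewed before loading:

```shell
#!/bin/sh
# Constructed sample in the tutorial's blocked_ips.txt format: one address per line,
# blank lines and '#' comments ignored. Deliberately includes a duplicate, a CIDR range,
# a trailing comment and two malformed lines.
SAMPLE_BLOCKLIST='# AntiProxies sample (constructed for this example)
203.0.113.10
203.0.113.10

198.51.100.0/24
not-an-ip
192.0.2.300
203.0.113.11   # trailing comment
'

# Emit only well-formed IPv4 addresses or /0-/32 prefixes, deduplicated, one per line.
# Comments, blanks and anything that is not a valid address are dropped, so a stray
# line can never become an unexpected iptables argument.
parse_blocklist() {
  printf '%s\n' "$1" \
    | sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | awk -F'/' '
        function valid_ipv4(a,   n, i, o) {
          n = split(a, o, "[.]")
          if (n != 4) return 0
          for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) return 0
          return 1
        }
        $0 == "" || NF > 2  { next }
        !valid_ipv4($1)     { next }
        NF == 2 && ($2 !~ /^[0-9][0-9]?$/ || $2 + 0 > 32) { next }
        !seen[$0]++         { print }
      '
}

# Render the validated entries as the same iptables commands the action file runs,
# so the rule set can be reviewed (or diffed against the live chain) before loading.
render_rules() {
  parse_blocklist "$1" | while IFS= read -r ip; do
    printf 'iptables -A f2b-antiproxies -s %s -j DROP\n' "$ip"
  done
}

render_rules "$SAMPLE_BLOCKLIST"
```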
Want to see what's in the database?
Download once, query as many times as you need. €99/year for all 22 databases, unlimited servers, and a full year of monthly updates. No usage limits, no per-query fees, no data leaving your servers.