fail2ban: add script unban_ip
parent
68d9d3c47c
commit
cce7280cd0
|
@ -29,6 +29,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
* webapps/nextcloud: Added var nextcloud_user_uid to enforce uid for nextcloud user
|
||||
* webapps/nextcloud: Set ownership and permissions of data directory
|
||||
* webapps/nextcloud: Add condition for archive tasks
|
||||
* fail2ban: add script unban_ip
|
||||
|
||||
### Changed
|
||||
|
||||
|
|
26
fail2ban/files/unban_ip.sh
Normal file
26
fail2ban/files/unban_ip.sh
Normal file
|
@ -0,0 +1,26 @@
|
|||
#!/bin/bash
|
||||
|
||||
function version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
|
||||
|
||||
IP="$1"
|
||||
if [ "$IP" == "" ]; then
|
||||
echo
|
||||
echo -e "\033${TERM_COLOR_LIGHT_RED}Usage: $FUNCNAME <IP>\033${TERM_COLOR_NORMAL}"
|
||||
echo
|
||||
cat <<EOF
|
||||
unban an IP from all fail2ban jails
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
FAIL2BAN_VERSION="$(fail2ban-client --version | grep '^Fail2Ban v' | sed 's/Fail2Ban v//g')"
|
||||
FAIL2BAN_RECENT="$(version_gt 0.8.8 $FAIL2BAN_VERSION; echo $?)"
|
||||
for JAIL in $(fail2ban-client status | grep "Jail list" | sed -e 's/^[^:]\+:[ \t]\+//' | sed 's/,//g'); do
|
||||
if [ "$FAIL2BAN_RECENT" == "1" ]; then
|
||||
fail2ban-client set $JAIL unbanip $IP 2>&1 | grep -v "$IP is not banned";
|
||||
else
|
||||
iptables -D f2b-$JAIL -s $IP -j DROP 2>&1 | grep -v 'iptables: Bad rule' && sleep 5 || echo "$IP is not banned";
|
||||
fi
|
||||
done
|
||||
|
||||
exit 0
|
||||
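Review bot: `$IP` comes straight from `$1` and is expanded unquoted in `fail2ban-client set $JAIL unbanip $IP` and `iptables -D f2b-$JAIL -s $IP -j DROP`, so in a script installed for root only, a value with whitespace, glob characters or a leading `-` is split into extra arguments or parsed as options. Only the empty string is rejected; I would validate the argument as an address before the loop and quote every expansion, as sketched below. `grep -v "$IP is not banned"` also treats the dots of the address as regex wildcards, which `grep -vF --` avoids. Separately, the `&& sleep 5 || echo` chain in the legacy branch keys off grep's exit status, so a successful `iptables -D` (no output, grep returns 1) appears to print "is not banned"; an explicit `if` on the iptables status would be clearer. `$FUNCNAME` is empty outside a function, so the usage line prints no script name; `$0` looks intended.

```shell
IP="$1"
# … unchanged: usage message and exit when $IP is empty …

# Character-class check only: allows IPv4/IPv6 literals with an optional prefix
# length, and rejects anything that could be read as an option or split into words.
if ! [[ "$IP" =~ ^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$ ]]; then
    echo "Invalid IP address: $IP" >&2
    exit 1
fi

# … unchanged: version detection and jail loop header …
        fail2ban-client set "$JAIL" unbanip "$IP" 2>&1 | grep -vF -- "$IP is not banned"
# … unchanged: else …
        iptables -D "f2b-$JAIL" -s "$IP" -j DROP 2>&1 | grep -v 'iptables: Bad rule' && sleep 5 || echo "$IP is not banned"
```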
|
|
@ -111,3 +111,12 @@
|
|||
- ansible_distribution_release == "stretch" or ansible_distribution_release == "buster"
|
||||
tags:
|
||||
- fail2ban
|
||||
|
||||
- name: Script unban_ip is installed
|
||||
ansible.builtin.copy:
|
||||
src: unban_ip.sh
|
||||
dst: /usr/local/sbin/unban_ip
|
||||
mode: '0700'
|
||||
tags:
|
||||
- fail2ban
|
||||
|
||||
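Review bot: `ansible.builtin.copy` has no `dst` parameter; the destination key is `dest`, so as written the new "Script unban_ip is installed" task should fail on an unsupported or missing argument. The line should read `dest: /usr/local/sbin/unban_ip`. The task also leaves ownership to whichever user the play runs as; since the script is root-only (`mode: '0700'`) and calls iptables, adding `owner: root` and `group: root` would make that explicit. The hunk starts inside the preceding task, which is only partly visible here.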
|
|