Integration with fail2ban
IPThreat can easily be integrated with fail2ban.
As of September 16, 2022, IPThreat is in the main branch of fail2ban.
Step #1
Pull down release 1.0.1 or newer from the fail2ban releases and install or replace fail2ban. The README in the fail2ban GitHub repo has install instructions.
Step #2
Modify your jail.local or defaults-*.conf file (where * is your platform) to add an ipthreat global action.
# add to section [DEFAULT]
action_ipthreat = ipthreat
action = %(action_)s
         %(action_ipthreat)s[]
Step #3
Modify config/action.d/ipthreat.conf to include your API key.
[Init]
# Option: ipthreat_apikey
# Notes   Your API key from ipthreat.net
# Values: STRING  Default: None
# Register for ipthreat [https://ipthreat.net], get api key and set below.
# You will need to set the flags and system in the action call in jail.conf
ipthreat_apikey = [API_KEY_GOES_HERE]
Step #4
Ensure fail2ban does not resend all the IP addresses when it is restarted. This is the default behavior for the ipthreat integration.
It is very important to leave the norestored = 1 line in the ipthreat.conf file; otherwise, every time you restart fail2ban, all IPs will be resent to the API.
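An added example (not from IPThreat or the fail2ban project): a small shell check for the settings made in Steps #2 through #4. The function names and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not part of fail2ban or IPThreat): checks the settings from Steps #2-#4.
# Function names are hypothetical; file paths are supplied by the caller.

# Print the value of the last uncommented "KEY = value" line in FILE.
conf_value() {  # usage: conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Step #4: norestored must stay at 1 so restored bans are not re-sent on restart.
check_norestored() { [ "$(conf_value "$1" norestored)" = "1" ]; }

# Step #3: the key must be set and must not be the documentation placeholder.
check_apikey() {
    key=$(conf_value "$1" ipthreat_apikey)
    [ -n "$key" ] && [ "$key" != "[API_KEY_GOES_HERE]" ]
}

# Step #2: the jail file must define action_ipthreat and reference it in an active line.
check_jail_action() {
    [ -n "$(conf_value "$1" action_ipthreat)" ] &&
        grep -v '^[[:space:]]*#' "$1" | grep -q '%(action_ipthreat)s'
}

# Run all checks; the return status is the number of failed checks (0 = all good).
audit_ipthreat() {  # usage: audit_ipthreat IPTHREAT_CONF JAIL_FILE
    fails=0
    check_norestored "$1" || { echo "FAIL: no active 'norestored = 1' in $1"; fails=$((fails + 1)); }
    check_apikey "$1" || { echo "FAIL: ipthreat_apikey unset or placeholder in $1"; fails=$((fails + 1)); }
    check_jail_action "$2" || { echo "FAIL: action_ipthreat not wired into $2"; fails=$((fails + 1)); }
    return "$fails"
}

# Demo on constructed files: the key is a made-up value and norestored is commented out.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '[Definition]' '# norestored = 1' '[Init]' \
        'ipthreat_apikey = CONSTRUCTED-SAMPLE-KEY' > "$tmp/ipthreat.conf"
    printf '%s\n' '[DEFAULT]' 'action_ipthreat = ipthreat' 'action = %(action_)s' \
        '         %(action_ipthreat)s[]' > "$tmp/jail.local"
    if audit_ipthreat "$tmp/ipthreat.conf" "$tmp/jail.local"; then
        echo "all checks passed"
    else
        echo "checks failed: $?"
    fi
    rm -rf "$tmp"
}
demo
```

To check a real installation, call audit_ipthreat with the paths of your installed ipthreat.conf and the jail file you edited in Step #2.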