How can I prevent Fail2Ban from sending my server's IP from the UFW log to AbuseIPDB?

E

Evgeny Starkov2020-05-23 19:59:07

linux

Evgeny Starkov, 2020-05-23 19:59:07

I set the following parameters in the jail.conf config and it automatically sends data from the UFW log to the AbuseIPDB website, how to hide the IP or make your own comments when sending

jail.conf

[portscan]
enabled  = true
filter   = portscan
action = ufw
         %(action_abuseipdb)s[abuseipdb_apikey="xxx", abuseipdb_category="14,15"]

I tried this:

jail.conf

[portscan]
enabled  = true
filter   = portscan
action = ufw
         %(action_abuseipdb)s[abuseipdb_apikey="xxx", comment="Portscan!", abuseipdb_category="14,15"]

Does not work...

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

E

Evgeny Starkov, 2020-05-26
@asencilius

Solution:
jail.conf

[portscan]
enabled  = true
filter   = portscan
action = ufw
         %(action_abuseipdb)s[abuseipdb_apikey="xxx", matches="Portscan!", abuseipdb_category="14,15"]

H

hint000, 2020-05-24
@hint000

Register the address in the whitelist:
https://www.fail2ban.org/wiki/index.php/Whitelist