I’m installing fail2ban on a local Ubuntu 20.04 server that hosts some local websites I made.
I installed fail2ban because I want to protect access to my server from devices outside my company’s network. Because of this, I want to whitelist our company’s devices so that if we need to access the server, we can do so without trouble.
I created a jail.local file which looks like this at the moment:
So my question is: looking at the ignoreip line and the ignoreself lines, am I correct in saying that the ignoreself in this file whitelists the server itself and the ignoreip in this file will whitelist the devices within the company network (10.0.0.1-254)?
If not, how do I set this up? (For the record, the company IP in this example is not real to prevent brute force and hacking…)
Fail2ban recommends that you do not modify the jail.conf file, but rather make a new jail.local file. Whatever settings you provide in this file will override the configuration settings in the jail.conf file.
From what I’m reading online, it’s a good idea to whitelist the server IP so that fail2ban doesn’t block its own IP for whatever reason.
Which one do I use? I might stick with the original /24
This is what the manual says about the two files:
"Every .conf file can be overridden with a file named .local . The .conf file is read first, then .local , with later settings overriding earlier ones. Thus, a .local file doesn’t have to include everything in the corresponding .conf file, only those settings that you wish to override.
Modifications should take place in the .local and not in the .conf . This avoids merging problem when upgrading. These files are well documented and detailed information should be available there."
Also, that link shows how to do it in Ubuntu 16.04 not 20.04 which is what I’m using.