8

I am using fail2ban with ipfw on FreeBSD. Is there a way to ignore a specific ip address, making sure that fail2ban never blocks or reports it?

mivk
  • 3,446
  • 29
  • 31
Peter Smit
  • 1,154
  • 4
  • 18
  • 32

1 Answers1

12

See whitelisting on the fail2ban website:

# This will ignore connection coming from common private networks.
# Note that local connections can come from other than just 127.0.0.1, so
# this needs CIDR range too.
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

Another reference here:

First, find ignoreip. It's always important for you to have a way in! These are IPs are fail2ban will ignore - IPs listed here can always have invalid login attempts and still not be blocked. In my file, I'm putting down the network ranges for my internal network (192.168.1.0/24) as well as one other trusted IP address of a machine that I will be able to SSH into if need be. These need to be space separated! If they are not, fail2ban won't block anyone.

bstpierre
  • 236
  • 2
  • 5
  • 1
    This (like the docs) says everything except *where* to put this line. Some sources say `jail.conf` but my `jail.conf` file includes the line "YOU SHOULD NOT MODIFY THIS FILE". So should this line be added to `jail.local`? – user56reinstatemonica8 Jan 10 '17 at 11:46
  • 2
    It can be added to `jail.local`, under a line containing `[DEFAULT]` to introduce the section. – tanius Aug 04 '17 at 12:02
  • you can create a `jail.local` file if it does not already exist in the same folder as your jail.conf file – Edward Moffett Mar 09 '18 at 19:54