# /etc/fail2ban/action.d/blacklist.conf
# Fail2Ban Blacklist for Repeat Offenders (action.d)
#
# Author: Mitchell Krog <mitchellkrog@gmail.com>
# Version: 1.1
# GitHub: https://github.com/mitchellkrogza/Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning
# Tested On: 0.8.13 
# Server: Debian Jessie 8.1
# Firewall: IPTables
#
# Dependancies: requires blacklist.conf in /etc/fail2ban/filter.d folder
#               requires jail settings called [blacklist]
#				requires ip.blacklist file in /etc/fail2ban
#				create with sudo touch /etc/fail2ban/ip.blacklist
#
# Drawbacks: Only works with IPTables
#
# Based on: the Recidive Jail from Fail2Ban
#
# This custom action requires a custom jail in your 
# jail.local file for Fail2Ban
# 
# Your jail file would be configured as follows
#
# [blacklist]
# enabled = true
# logpath  = /var/log/fail2ban.*
# filter = blacklist
# banaction = blacklist
# bantime  = 31536000   ; 1 year
# findtime = 31536000   ; 1 year
# maxretry = 10
#

[INCLUDES]
before = iptables-common.conf


[Definition]
# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#

actionstart = iptables -N f2b-<name>
              iptables -A f2b-<name> -j RETURN
              iptables -I <chain> -p <protocol> -j f2b-<name>
              # Sort and Check for Duplicate IPs in our text file and Remove Them
              sort -u /etc/fail2ban/ip.blacklist -o /etc/fail2ban/ip.blacklist
              # Persistent banning of IPs reading from our ip.blacklist text file
              # and adding them to IPTables on our jail startup command
              cat /etc/fail2ban/ip.blacklist | while read IP; do iptables -I f2b-<name> 1 -s $IP -j DROP; done
              
# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#

actionstop = iptables -D <chain> -p <protocol> -j f2b-<name>
             iptables -F f2b-<name>
             iptables -X f2b-<name>

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#

actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#

actionban = iptables -I f2b-<name> 1 -s <ip> -j DROP
			# Add the new IP ban to our ip.blacklist file
            echo '<ip>' >> /etc/fail2ban/ip.blacklist
# I don't want reporting on any badboys service
# curl http://www.badips.com/add/badbots/<ip>/

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = iptables -D f2b-<name> -s <ip> -j DROP
# Remove IP from our ip.blacklist file
			sed -i -e '/<ip>/d' /etc/fail2ban/ip.blacklist

[Init]