fail2ban & InterWorx

fail2ban is a tool used to guard against DDOS and related attacks. While it does not come with InterWorx and is not supported by InterWorx, it is popular with many server administrators.

More information on how to install and configure fail2ban on CentOS 7 can be found here: https://www.liquidweb.com/kb/install-fail2ban-on-centos-7/.

Below are some common questions regarding how fail2ban works with InterWorx in specific situations.

1. If fail2ban blocks an IP via APF, will it show in Interworx so that it can be removed through the GUI?

   fail2ban adds IPs to APF’s deny_hosts list, which is what InterWorx reads, therefore it should appear in InterWorx. Currently blocked IP addresses can be seen by logging into NodeWorx and navigating to Server > Firewall. The Firewall page will have a section called “Blocked IPs” under the Global IP Access Control heading. This section will show all the currently blocked IPs with one on each line.

2. In a clustering setup, if a block is created on one of the nodes, will it just stay on that one node, or is there anyway to implement it across the cluster? If we set it on the master can it be spread across the cluster?

   fail2ban is not aware of the clustered nature of the server, therefore that block will only be implemented for that specific node. There is nothing in InterWorx or fail2ban that would allow those settings to automatically be replicated across the cluster.