How can I sync banned IPs across multiple servers or containers in a cluster?
When you have multiple web servers, containers, or cloud instances, it's important to keep the banned IP list synchronized across all instances to prevent attackers from bypassing security by switching to a different server or container.
Here are a few solutions to help you sync banned IPs across multiple systems:
✅ Method 1: Use a Shared IP Blocklist with ipset

ipset is a powerful tool that allows you to create IP address sets and manage them efficiently. By using ipset to block IPs at the firewall level, you can ensure that the ban list is shared across all your servers or containers.

Step-by-Step Setup:

- Create an IPSet on One Server:
  On the master server (where Fail2Ban is configured):

  ```bash
  ipset create blacklist hash:ip
  ```

- Export the IPSet to a File:
  To ensure synchronization, export the ipset list to a file:

  ```bash
  ipset save blacklist > /etc/fail2ban/blacklist_ips.txt
  ```

- Sync the Blocklist Across Servers:
  Use rsync or scp to copy the blacklist file across multiple servers:

  ```bash
  rsync -avz /etc/fail2ban/blacklist_ips.txt user@remote_server:/etc/fail2ban/
  ```

- Import the Blocklist on All Servers:
  On all other servers (including containers), import the updated blacklist:

  ```bash
  # -exist: do not fail when the set (or an entry in it) already exists on this host
  ipset restore -exist < /etc/fail2ban/blacklist_ips.txt
  ```

- Apply the IPSet on Servers:
  Ensure that iptables uses the shared blacklist:

  ```bash
  iptables -I INPUT -m set --match-set blacklist src -j DROP
  ```

- Automate Syncing (Optional):
  Set up a cron job to run rsync every minute (or use a file-syncing service like Syncthing):

  ```bash
  */1 * * * * rsync -avz /etc/fail2ban/blacklist_ips.txt user@remote_server:/etc/fail2ban/
  ```
✅ Method 2: Use a Centralized Logging Solution (Loki + Promtail + Grafana)

If you’re using a centralized logging system like Loki, you can track IP bans across multiple servers and even trigger a sync action.

- Set Up Loki & Promtail:
  Configure all servers to ship logs (including Fail2Ban logs) to a centralized Loki instance.
- Configure Promtail to Monitor Fail2Ban Logs:
  Set up Promtail to ship Fail2Ban logs (/var/log/fail2ban.log) to Loki for central monitoring.
- Create a Custom Alert in Grafana:
  Set up an alert in Grafana when an IP gets banned multiple times. You can use Grafana’s alerting features to send this event to a script or webhook.
- Trigger an Automated Action:
  You can create a webhook or script that pulls the banned IPs from Loki and syncs them across your servers using rsync, API calls, or other mechanisms.
✅ Method 3: Shared Database for Ban Records

If you have a centralized database (e.g., MySQL, PostgreSQL) that all servers have access to, you can use it to store banned IPs, which ensures synchronization.

Step-by-Step Setup:

- Create a Shared Database:
  Set up a database table to store banned IPs:

  ```sql
  CREATE TABLE banned_ips (
      ip_address VARCHAR(45),
      ban_time   TIMESTAMP,
      PRIMARY KEY (ip_address)
  );
  ```

- Update Fail2Ban to Use Database:
  Modify Fail2Ban to log banned IPs to the database instead of local files. You can do this by modifying the Fail2Ban action configuration.

  File: /etc/fail2ban/action.d/sql-action.conf

  Example:

  ```ini
  [Definition]
  # the password must follow -p with no space; "-p password" prompts interactively and treats "password" as a database name
  actionban = mysql -u user -ppassword -e "INSERT INTO banned_ips (ip_address, ban_time) VALUES ('<ip>', NOW());"
  ```

- Sync Database Across Servers:
  Set up database replication (master-slave or multi-master) to sync the banned IPs table across all your servers.
  - Use MySQL/MariaDB replication to sync the database in real-time.
  - Use PostgreSQL's replication feature for PostgreSQL-based setups.

- Block IPs Using the Database:
  On all your servers, you can create a cron job or use iptables to block IPs directly from the database, pulling the latest list.
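The following script is an added example and is not part of the original answer or of Fail2Ban itself. It implements two of the steps above with one code path: the export/import/iptables steps of Method 1 (file-based sync) and the final "Block IPs Using the Database" step of Method 3 (pull the list from the shared `banned_ips` table). In both cases the addresses are validated, rendered into an ipset restore file, loaded into a scratch set and swapped into the live set atomically, so addresses that were unbanned upstream are removed locally as well, and the DROP rule is inserted only if it is not already present. The set name `blacklist` and the table come from the answer; the database name `fail2ban`, the option-file path, the function names and the IPv4-only assumption are mine.

```shell
#!/bin/sh
# Added example (not from the original post): file-based and database-based
# loading of a shared Fail2Ban ban list into ipset on every node.
# Assumptions not taken from the page: database name "fail2ban", credentials
# in a MySQL option file, IPv4-only jails.
set -e

SET_NAME=blacklist      # set name used in the answer above
DB_NAME=fail2ban        # assumed database name

# is_ipv4 ADDR: succeed only for a dotted quad with four octets in 0-255.
# Every address handed to ipset or iptables passes through this gate, so a
# corrupt or tampered list cannot smuggle extra restore commands or arguments.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|'') return 1 ;;
    esac
    printf '%s\n' "$1" | {
        IFS=. read -r a b c d extra
        [ -n "$a" ] && [ -n "$b" ] && [ -n "$c" ] && [ -n "$d" ] && [ -z "$extra" ] || exit 1
        for octet in "$a" "$b" "$c" "$d"; do
            [ "$octet" -le 255 ] || exit 1
        done
    }
}

# render_restore SET: read one address per line on stdin (blank lines and '#'
# comments allowed) and print ipset restore commands. Each line carries -exist
# so re-applying the same list is harmless; rejected lines go to stderr.
render_restore() {
    printf 'create %s hash:ip -exist\n' "$1"
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        [ -n "$ip" ] || continue
        if is_ipv4 "$ip"; then
            printf 'add %s %s -exist\n' "$1" "$ip"
        else
            printf 'render_restore: skipping invalid entry: %s\n' "$line" >&2
        fi
    done
}

# export_list: dump the live set as plain addresses (run on the master, then
# rsync the resulting file; render_restore reads exactly this format back).
export_list() {
    ipset list "$SET_NAME" | sed '1,/^Members:/d'
}

# pull_from_db OPTION_FILE: print the current bans from the shared table.
# Credentials live in an option file ([client] user= / password=, mode 0600)
# rather than in -ppassword on the command line, where ps would expose them.
pull_from_db() {
    mysql --defaults-extra-file="$1" -D "$DB_NAME" -N -B -e \
        'SELECT ip_address FROM banned_ips ORDER BY ip_address'
}

# apply_list: read addresses on stdin, build a scratch set, swap it into place
# (atomic, no moment with an empty live set) and ensure one DROP rule exists.
apply_list() {
    tmp="${SET_NAME}_tmp"
    ipset create "$SET_NAME" hash:ip -exist
    ipset destroy "$tmp" 2>/dev/null || true
    render_restore "$tmp" | ipset restore
    ipset swap "$tmp" "$SET_NAME"
    ipset destroy "$tmp"
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# Constructed sample list (not real data) exercised by render_sample.
SAMPLE_LIST='# banned by fail2ban on web-1
203.0.113.7
198.51.100.23   # sshd jail

not-an-ip'

render_sample() {
    printf '%s\n' "$SAMPLE_LIST" | render_restore "$SET_NAME" 2>/dev/null
}

# Usage:
#   master: sh sync_blocklist.sh export > /etc/fail2ban/blacklist_ips.txt
#   node:   sh sync_blocklist.sh apply-file /etc/fail2ban/blacklist_ips.txt
#   node:   sh sync_blocklist.sh apply-db /etc/fail2ban/db.cnf
case "${1:-}" in
    export)     export_list ;;
    apply-file) apply_list < "${2:-/etc/fail2ban/blacklist_ips.txt}" ;;
    apply-db)   pull_from_db "${2:-/etc/fail2ban/db.cnf}" | apply_list ;;
esac
```

Running `apply-file` or `apply-db` from the cron job shown in Method 1 is safe to repeat every minute: the swap replaces the whole set each time, `-exist` keeps restore from failing on a set that is already present, and the `iptables -C` check stops the DROP rule from being inserted again on every run.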
✅ Method 4: Use a Distributed Blocklist Service (like Cloudflare or AWS WAF)

If your infrastructure is hosted on the cloud (e.g., AWS, Azure, GCP), or you’re using CDNs like Cloudflare, you can:

- Automatically Update Cloudflare's Firewall Rules:
  - Use the Cloudflare API to add banned IPs from Fail2Ban to Cloudflare's IP Access Rules.
  - Cloudflare allows you to update IP blocklists via its API, which can be integrated into a Fail2Ban action script.
Comments on “How can I sync banned IPs across multiple servers or containers in a cluster?”