[arch-general] fail2ban archlinux

Maykel Franco maykeldebian at gmail.com
Wed Feb 17 14:14:15 UTC 2021

Hi, I've configured fail2ban with action, filter for my php application.

My app output log like this:

unknown user foo (192.x.x.x)

My jail conf:

enabled = true
port = 80
protocol = tcp
filter = php-app-login
logpath = /var/www/php-app-login/var/logs/dev.log
findtime = 3600
bantime = 86400
maxretry = 3
ignoreip  =

My filter definition:


failregex = unknown user .* \(<HOST>\)
ignoreregex =

It works well, but I like fail2ban add comment in iptables rule when add ban IP.

For example:

iptables -A INPUT -p tcp --dport 80 -m comment --comment "Ban foo" -j DROP

iptables -L -n -v

Chain INPUT (policy ACCEPT 94 packets, 23457 bytes)
 pkts bytes target     prot opt in     out     source
    0     0 DROP       tcp  --  *      *            tcp dpt:80 /* Ban foo */

I've googled and I think something needs to be changed in action but I
can't find how to pass the user variable to that action.

More information about the arch-general mailing list