OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: ThyOnlySandman on January 04, 2023, 02:07:12 pm

Title: API delete active states of IP?
Post by: ThyOnlySandman on January 04, 2023, 02:07:12 pm
Hi,

Been learning some Vaultwarden which led me to also learn some fail2ban.
Wasted some time but eventually realized fail2ban wasn't going to work behind a separate NGINX proxy regardless of forwarded header.  (nftables / iptables have the correct ban IP yet packets are inbound only from the OPNsense / NGINX IP - thus no block)

So that led me to find this OPNsense API solution to create a ban alias, which is working well.
https://github.com/fail2ban/fail2ban/pull/2761/files

curl -k -s -XPOST -d '{"address":"<ip>"}' -H "Content-Type: application/json" -k -u "<oskey>":"<ossecret>" \
            https://<osaddress>/api/firewall/alias_util/add/<osalias>

However it won't block until you stop trying to brute force for a bit and let the state expire.

What I'm wondering is if I can append another API curl to this that will delete all active states for the same ban IP to force it to restart, which would give the desired result of an immediate block.

Possible?  Any tips or API documentation pointers appreciated.

Edit:  I missed this before posting but I'm still not sure exactly what I need, being completely unfamiliar with the API.  Perhaps I'll spin up my OPNsense VM template and explore.
https://docs.opnsense.org/development/api/core/diagnostics.html#
POST diagnostics firewall delState  $stateid,$creatorid
POST diagnostics firewall queryStates
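
The two calls listed above chained into one step, as an added example that is not part of the original post and not OPNsense or fail2ban code: query the states, keep only those whose source is exactly the banned IP, and build one delState request per match. The snake_case URL paths (modelled on the alias_util/add URL in the post), the "searchPhrase" body key and the reply fields "rows", "src_addr" and "id" are assumptions, and the sample reply is constructed.

```python
import base64
import ipaddress
import json
import urllib.request

# Constructed sample of a queryStates reply. Field names "rows", "src_addr"
# and "id" (as "<stateid>/<creatorid>") are assumptions.
SAMPLE_REPLY = {"rows": [
    {"id": "61a0/0f0f", "src_addr": "203.0.113.7", "dst_addr": "192.0.2.10"},
    {"id": "61a1/0f0f", "src_addr": "203.0.113.70", "dst_addr": "192.0.2.10"},
    {"id": "61a3/0f0f", "src_addr": "203.0.113.7", "dst_addr": "192.0.2.11"},
    {"id": "61a4", "src_addr": "203.0.113.7"},  # malformed id, skipped
]}


def del_state_paths(reply, banned_ip):
    """Return delState paths for states whose source is exactly banned_ip."""
    target = ipaddress.ip_address(banned_ip)
    paths = []
    for row in reply.get("rows", []):
        try:
            src = ipaddress.ip_address(row["src_addr"])
            stateid, creatorid = row["id"].split("/")
        except (KeyError, ValueError):
            continue  # no parsable address or id: leave that state alone
        # Compare parsed addresses, so 203.0.113.70 never matches 203.0.113.7
        if src == target:
            paths.append(f"/api/diagnostics/firewall/del_state/{stateid}/{creatorid}")
    return paths


def api_post(base, path, key, secret, body):
    """POST JSON with HTTP basic auth; TLS certificates are verified."""
    token = base64.b64encode(f"{key}:{secret}".encode()).decode()
    req = urllib.request.Request(
        base + path, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def drop_states(base, key, secret, banned_ip):
    """Query states for banned_ip, delete each exact match, return the count."""
    reply = api_post(base, "/api/diagnostics/firewall/query_states", key, secret,
                     {"searchPhrase": banned_ip})  # body key is an assumption
    paths = del_state_paths(reply, banned_ip)
    for path in paths:
        api_post(base, path, key, secret, {})
    return len(paths)
```

The exact-address comparison matters because a text search for a banned IP can also return states of unrelated clients whose address merely contains it.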