---
title: fail2ban-manager
draft: true
date: 2025-01-16
---

An extensible CLI tool for managing [fail2ban](https://github.com/fail2ban/fail2ban).

- [Introduction](#introduction)
- [Working with Jails](#working-with-jails)
- [Plugins](#plugins)
  - [Cloudflare](#cloudflare)
  - [Plugin: Hetzner](#plugin-hetzner)
  - [Plugin: Telegram](#plugin-telegram)
- [Credits](#credits)

## Introduction

The source code is hosted on my [Forgejo instance](https://forgejo.gravityfargo.dev/gravityfargo/fail2ban-manager). Registration is enabled for the public with GitHub via Authentik. Any issues and feature requests can be submitted here on GitHub.

This tool makes managing fail2ban easier by removing the need to edit configuration files. It is designed to be easy to use and extensible via plugins.

## Working with Jails

## Plugins

### Cloudflare

> Ban an IP address using IP Rules in [Cloudflare WAF](https://developers.cloudflare.com/waf/tools/ip-access-rules/create/).

Jails are configured to create rules in a specific DNS zone. Bans are cached in a database for fail2ban's check action to use.

| Notes                |                                                                  |
| -------------------- | ---------------------------------------------------------------- |
| Typer generated docs | [Link](man/cloudflare.md)                                        |
| Provided via         | [Official SDK](https://github.com/cloudflare/cloudflare-python)  |

---

https://github.com/Paxxs/traefik-get-real-ip

| Variable               | Purpose                                   |
| ---------------------- | ----------------------------------------- |
| `CLOUDFLARE_EMAIL`     | Email address for Cloudflare account      |
| `CLOUDFLARE_API_TOKEN` | Token with permissions to manage IP Rules |

1. Enable the Cloudflare plugin

   ```bash
   f2bm plugin enable cloudflare
   ```

2. Create an [API Token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/)

3. Get the [Zone ID](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/) from Cloudflare and create a zone in the database

   ```bash
   f2bm cloudflare create-zone 11111111111111111111111111111111 example.com
   ```

### Plugin: Hetzner

> Whitelist IP addresses in the [Hetzner](https://www.hetzner.com/) cloud firewall, and bulk whitelist Cloudflare IP addresses.

| Notes                |                                                                |
| -------------------- | -------------------------------------------------------------- |
| Typer generated docs | [Link](man/hetzner.md)                                         |
| Provided via         | [Official SDK](https://github.com/hetznercloud/hcloud-python)  |

---

1. Enable the Hetzner plugin

   ```bash
   f2bm plugin enable hetzner
   ```

2. Create an [API Token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token/)

### Plugin: Telegram

> Send a message to a Telegram chat. Custom messages per jail are supported, as well as separate groups for each jail.

| Notes                |                                                                   |
| -------------------- | ----------------------------------------------------------------- |
| Typer generated docs | [Link](man/telegram.md)                                           |
| Provided via         | [REST API](https://forgejo.gravityfargo.dev/gravityfargo/envoyer) |

---

## Credits

- [Typer](https://github.com/fastapi/typer), build great CLIs. Easy to code. Based on Python type hints.
- [Rich](https://github.com/Textualize/rich) is a Python library for rich text and beautiful formatting in the terminal.
- [envoyer](https://forgejo.gravityfargo.dev/gravityfargo/envoyer) Stupid simple notifications library. (My Project)
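
The Cloudflare plugin section says bans are created as IP rules in a zone and cached in a database so lookups need no API call. The sketch below is an added example, not code from fail2ban-manager: the table layout, the `BanCache` class and the injected `create_rule` callable are assumptions, while the request body follows Cloudflare's documented IP Access Rule shape (`mode`, `configuration.target`, `configuration.value`, `notes`).

```python
import ipaddress
import sqlite3


def access_rule_body(ip, jail):
    """JSON body for a zone-level IP Access Rule that blocks one address."""
    addr = ipaddress.ip_address(ip)  # ValueError for anything that is not an IP
    target = "ip6" if addr.version == 6 else "ip"
    return {
        "mode": "block",
        "configuration": {"target": target, "value": addr.compressed},
        "notes": f"fail2ban jail={jail}",
    }


class BanCache:
    """Local record of which (zone, ip) pairs already have a rule (assumed schema)."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS bans (zone_id TEXT, ip TEXT, "
            "rule_id TEXT NOT NULL, PRIMARY KEY (zone_id, ip))"
        )

    def rule_id(self, zone_id, ip):
        # Normalise first so "2001:DB8::0001" and "2001:db8::1" share one row.
        key = (zone_id, ipaddress.ip_address(ip).compressed)
        row = self.db.execute(
            "SELECT rule_id FROM bans WHERE zone_id = ? AND ip = ?", key
        ).fetchone()
        return row[0] if row else None

    def ban(self, zone_id, ip, jail, create_rule):
        """Create the rule once; return False if the cache already has it."""
        if self.rule_id(zone_id, ip) is not None:
            return False
        body = access_rule_body(ip, jail)
        new_id = create_rule(zone_id, body)  # hypothetical callable wrapping the API
        with self.db:  # commit only after the remote rule exists
            self.db.execute("INSERT INTO bans VALUES (?, ?, ?)",
                            (zone_id, body["configuration"]["value"], new_id))
        return True

    def unban(self, zone_id, ip):
        """Forget the ban and return the rule id the caller must delete remotely."""
        found = self.rule_id(zone_id, ip)
        if found is not None:
            with self.db:
                self.db.execute("DELETE FROM bans WHERE zone_id = ? AND rule_id = ?",
                                (zone_id, found))
        return found
```

Storing the rule id returned at creation is what lets an unban delete exactly the rule this tool made, rather than searching the zone by address.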