egregius.be

Urban Exploration, PHP and others…

fail2ban

Fail2Ban on Synology DSM6

Fail2ban is a daemon that watches logfiles for errors using a regex expression. If errors are found actions are done. The most common action is blocking the source ip in firewall, or even higher using ‘ip route’.
Since there isn’t much information available regarding running fail2ban on Synology DSM 6 it took some time to get it configured.
Anyway, here we go:

Download the latest stable of fail2ban at Github.
Unpack the zip and place it somewhere on your Syno.
SSH in to your Syno and go to the path where you stored the files.
Run this command to install fail2ban:

sudo ./setup.py install

The binaries are installed in /usr/bin, the config files in /etc/fail2ban (let’s hope that survives a DSM update).
By default all jails are disabled so you have to edit /etc/fail2ban/jail.conf to activate the jails you want to use.
Then, of course you want fail2ban started automatically at startup. I run fail2ban with a startup script that was already in place /volume1/files/atstartup.sh and started by a simple on start task in Syno Taskscheduler

#!/bin/bash
sudo mkdir /var/run/fail2ban
sudo /usr/bin/fail2ban-client -c /etc/fail2ban start

Watch the logfile to see if everything goes as planned.

2 COMMENTS

  1. I know this is an old post but can you expand further? For example can you use iptables in DSM? I get a root error whenever I try. Are you doing some other type of jail action?

    • Hi Scott,

      It’s indeed an old post but probably still usable. I used it before because my Domoticz instance was running on the DiskStation and the webserver was available from the internet. Now my Domoticz is running on a dedicated server and I have a pfSense firewall in front of it. My DiskStation isn’t accessible anymore.

      If I check my terminal at the DiskStation both iptables and route commands are available. Can’t remember wich one I used, probably route. Something like “route add blackhole 1.2.3.4” as I use that command on all other systems to block ip addresses.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.