What I'm suggesting is something, again this seems easy to me, but I don't know, and atm I'm trying to finish my web development, and I am the lone gunman, but an easy-to-include option could be something in the script. AGAIN, NOT Python, I'm just giving an example in bash:
[root@chemlab /]# fail2ban-client status
Status
|- Number of jail: 4
`- Jail list: catchall, myadmin, errorlog, postfix
[root@chemlab /]# fail2ban-client status | grep "Jail list" |sed 's/^.*Jail list:\ *//g' | grep -o "[^,]*" | sed 's/^.*$/fail2ban-client set & addignoreip TESTINGIP/g'
fail2ban-client set catchall addignoreip TESTINGIP
fail2ban-client set myadmin addignoreip TESTINGIP
fail2ban-client set errorlog addignoreip TESTINGIP
fail2ban-client set postfix addignoreip TESTINGIP
[root@chemlab /]# fail2ban-client status | grep "Jail list" |sed 's/^.*Jail list:\ *//g' | grep -o "[^,]*" | sed 's/^.*$/fail2ban-client set & delignoreip TESTINGIP/g'
fail2ban-client set catchall delignoreip TESTINGIP
fail2ban-client set myadmin delignoreip TESTINGIP
fail2ban-client set errorlog delignoreip TESTINGIP
fail2ban-client set postfix delignoreip TESTINGIP
Then again, it could be as simple as:
systemctl stop fail2ban.service
execute verifications
systemctl start fail2ban.service
I am the lone gunman, so after beating my head into the wall I thought, oh, that's it… but if there are two or three different teams, or hired people or wtfe, then one will possibly miss the other, and my fail2ban rules probably got triggered in a configuration jumble just like most have when dealing with certbot issues…
idk, it was a suggestion. I am already going to have to write some automation for the certbot as I get certificates for my mail server, and for local-only servers that obviously I need outwards facing for the verification, so I will be fine from now on.
fwiw, the thing that flipped my fail2ban ruleset was that I had
Header always set Strict-Transport-Security enabled in a .htaccess file, which again is the multiple teams possible thing, and I believe that header forces https no matter what, and the certbot I think had an issue with that, idk…
I'm good now, but the fail2ban was just a suggestion, 'cause if the IPs get banned then it will never verify.
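
The add/remove-ignore idea from the post above as a reusable wrapper, as an added example that is not part of the original post: it reads the jail list from `fail2ban-client status`, ignores one IP in every jail while a command runs, then removes the ignore again even if the command fails. `F2B_CLIENT` and the function names are assumptions made for this example, and `TESTINGIP` is the placeholder used in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# F2B_CLIENT is a hypothetical override hook so the logic can be exercised
# without a running fail2ban server.
F2B_CLIENT=${F2B_CLIENT:-fail2ban-client}

# Read `fail2ban-client status` text on stdin, print one jail name per line.
jail_list() {
    sed -n 's/^.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | sed '/^$/d'
}

# Apply addignoreip or delignoreip ($1) for IP $2 to every jail named on stdin.
# Arguments are passed as separate words, never through a generated command line.
set_ignore_all() {
    case $1 in addignoreip|delignoreip) ;; *) return 2 ;; esac
    rc_all=0
    while IFS= read -r jail; do
        "$F2B_CLIENT" set "$jail" "$1" "$2" </dev/null || rc_all=1
    done
    return $rc_all
}

# Run "$@" with IP $1 ignored by all jails. The ignore entries are removed
# afterwards whether the command succeeded or failed, so the exemption does
# not outlive the verification run.
with_ignored_ip() {
    ip=$1; shift
    jails=$("$F2B_CLIENT" status | jail_list)
    [ -n "$jails" ] || { echo "no jails found" >&2; return 1; }
    rc=0
    if printf '%s\n' "$jails" | set_ignore_all addignoreip "$ip"; then
        "$@" || rc=$?
    else
        rc=1   # could not add the ignore everywhere: skip the run, still clean up
    fi
    printf '%s\n' "$jails" | set_ignore_all delignoreip "$ip" || rc=1
    return $rc
}

# Usage (TESTINGIP is the post's placeholder):
#   with_ignored_ip TESTINGIP certbot renew
```

Unlike stopping the service, this keeps every jail active for all other addresses during the run.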