How to get Pushbullet notifications on Fail2ban's ban actions


  • Receive Pushbullet notifications when Fail2ban’s ban action is triggered.
  • Those notifications should include the protocol, banned ip, and geo location.

0. Prerequisite

Fail2ban and Golang must be installed on your machine.

1. Get your Pushbullet access token

Visit this page and get your access token.

2. Build

Download the code,

$ wget
$ vi pushbullet-fail2ban.go

change MyPushbulletChannel and MyPushbulletToken to yours,

const (
	MyPushbulletChannel = ""                                 // XXX - empty string when not needed
	MyPushbulletToken   = "abcdefghijklmnopqrstuv0123456789" // XXX - your pushbullet API token here

and build it:

$ go get -u
$ go build pushbullet-fail2ban.go

Now you got the executable binary: pushbullet-fail2ban.

To make things sure, you can test it:

$ ./pushbullet-fail2ban "SSH" ""

If you get a message like this, everything is good so far:


5. Configure Fail2ban

Firstly, duplicate your current ban action:

$ cd /etc/fail2ban/action.d
$ sudo cp iptables-multiport.conf iptables-multiport-letmeknow.conf
$ sudo vi iptables-multiport-letmeknow.conf

then append a line at the end of actionban, which will execute pushbullet-fail2ban:

# (example)
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
            /path/to/this/pushbullet-fail2ban "<name>" "<ip>"

(Of course, you should edit /path/to/this/ to yours.)

Now, edit your jail.local file:

$ sudo vi /etc/fail2ban/jail.local

banaction should be edited like this:

#banaction = iptables-multiport
banaction = iptables-multiport-letmeknow

Finally, restart the Fail2ban service:

$ sudo service fail2ban restart

6. Additionally

Geo ip info is provided by FreeGeoIP.

If you want to see more about the geo ip (like zip code, longitude/latitude, or etc.),

edit the lines near the call of getFreeGeoIpResult() function.