I want to use Fail2ban to add & subtract IPs from Sophos's Firewall.
I've looked at the API documentation at https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf and the curl example in section 6.1 looks like the way to go.
curl -X POST --header 'Content-Type: application/json' \
  --header 'Accept: text/json' \
  --header 'X-RESTD-SESSION: close' \
  --header 'X-RESTD-INSERT: packetfilter.rules' \
  --header 'Authorization: Basic YWRtaW46cHBwcA==' \
  -d '{"action":"accept",
       "destinations":["REF_NetworkAny"],
       "direction":"in",
       "log":true,
       "services":["REF_ServiceAny"],
       "sources":["REF_NetworkAny"],
       "status":true}' \
  'https://<UTM IP>:4444/api/objects/packetfilter/packetfilter/'
In that example, where would I put the IP to block?
Is there a better way to do this?
Has anyone managed to use Fail2ban with Sophos UTM?
Thanks, James.