Automation: Using Fail2Ban to populate an NSX IPSet

Posted August 24, 2018 By Phil Conway

Those of us who are Linux admins will be used to seeing the following on internet-exposed servers:

Aug 24 18:59:47 myinternetbox ftp: pam_unix(ftp:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd11462 ruser=phil rhost=  user=phil
Aug 24 18:51:30 myinternetbox dovecot: imap-login: Disconnected (auth failed, 1 attempts in 7 secs): user=<root@local>, method=PLAIN, rip=, TLS, session=<yPggBjJ0swByYzMZ>
Aug 23 01:20:51 myinternetbox sendmail[18841]: warning: unknown[]: SASL LOGIN authentication failed: authentication failure

Those same admins will probably be aware of fail2ban, a really cool tool that acts as an intrusion detection mechanism. It scans Linux system logs looking for similar messages to the above (either using the present filters or any you’ve rolled yourself) to look for evidence that someone is trying to get into your system and failing.

Where such logons are detected, you can choose a multitude of retaliatory actions, including adding the offending IP address to iptables as a blocked address, effectively preventing that IP from initiating any further logon attempts to your app. This proves useful where someone is attempting to brute-force a connection to your box by running through all the possible logons and passwords – if they get blocked after the first five attempts, that really limits their potential combinations and chances for success.

Thing is, fail2ban only protects your local linux instance. What if you’re running lots of them (say virtual machines) and they’re hosted on an NSX-enabled cluster? Thats where the script below comes in.

I’ve created this as a way to instantly add malicious IPs to an NSX IPSet. You would typically have this IPSet as the source/destination of an NSX firewall rule preventing any connectivity to/from it.

The script reads the IPset you specify via an API call (GET), parses the XML, appends your offending IP to the existing list, increments the revision number for the IPSet, and then updates the IPset via a second API call (PUT).

In order for this to work, you’ll need:

1) NSX installed and configured correctly on the ESXi cluster you’re running your VMs on
2) At least one linux VM running fail2ban
3) An NSX service account with the necessary privileges to read/write to the NSX API (Security Admin or above). Don’t use your default admin account, this is bad security practice 😉
4) A new IPSet that is linked to a deny-all rule at or near the top of your firewall rule table in NSX (with a single sample IP to start, I used, unlikely to be used on anything internet-facing)
5) This script deploying on your fail2ban hosts and the configuration of a custom fail2ban action invoking it.

Once you have the script deployed, you’ll want to revist your fail2ban configuration to ensure that anyone trying to brute force your FTP/POP/IMAP/SMTP/SSH or HTTP instances is automatically added to the list. You’d tweak your settings as needed (don’t make them too intolerant of logins or your could lock legitimate users out of everything in one go).

To call it, just save it as a bash script (.sh), change the permissions to allow execution (chmod +x) and then execute it with the first variable passed being the IP address you want to add. As an example, if you named your script, and you wanted to add to the list, you’d call “./”.

I just created this as a bit of fun, it would probably be of most use on a honeypot VM that is internet facing, or on a web/mail VM that is being bombarded with these logons. I’ll be updating this post with a second script to remove the IP from the list shortly. Feel free to use this code as you see fit.

# Bash script used to send banned IP addresses to an NSX manager.
# Phil Conway / code geek at philconway dot net
# version 0.1 
# Free to redistribute, amend or edit, use at your own risk

# Variables:

nsxpassword=nsx password

# Fetch contents of current IPSet blacklist and temporarily store in file
curl -u "$nsxusername:$nsxpassword" -X GET https://$nsxmanip/api/2.0/services/ipset/$ipsetref -k > ipset.xml

#// For reference, XML structure should look like this:

#<?xml version="1.0" encoding="UTF-8"?>
# <objectId>ipset-6</objectId>
# <objectTypeName>IPSet</objectTypeName>
# <vsmUuid>42222DF6-97C4-E598-C3AA-28BD43CD79D7</vsmUuid>
# <nodeId>b91e63cf-6a9a-4edc-8f06-0f978ce52e48</nodeId>
# <revision>1</revision>
# <type>
# <typeName>IPSet</typeName>
# </type>
# <name>fail2ban IPBL</name>
# <description></description>
# <scope>
# <id>globalroot-0</id>
# <objectTypeName>GlobalRoot</objectTypeName>
# <name>Global</name>
# </scope>
# <clientHandle></clientHandle>
# <extendedAttributes/>
# <isUniversal>false</isUniversal>
# <universalRevision>0</universalRevision>
# <isTemporal>false</isTemporal>
# <inheritanceAllowed>false</inheritanceAllowed>
# <value></value>
# //

# Seperate out IPsets recorded to date and current revision:
revision=($(grep -oP '(?<=revision>)[^<]+' "ipset.xml" ))
ipsets=($(grep -oP '(?<=value>)[^<]+' "ipset.xml" ))

# Increment revision:
revision=$((revision + 1))

# Append New IP address to existing list:
newipset="$ipsets, $blacklistip"

# Construct updated IPSet XML:

echo '<?xml version="1.0" encoding="UTF-8"?>' > update.xml
echo '<ipset>' >> update.xml
echo '<objectId>ipset-6</objectId>' >> update.xml
echo "<revision>$revision</revision>" >> update.xml
echo "<name>fail2ban IPBL</name>" >> update.xml 
echo "<value>$newipset</value>" >> update.xml
echo '</ipset>' >> update.xml
# //

# Send as new PUT call to NSX manager: 
curl -u "$nsxusername:$nsxpassword" -X PUT https://$nsxmanip/api/2.0/services/ipset/$ipsetref -k --header "Content-Type: application/xml" -d @update.xml

rm -rf ipset.xml
rm -rf update.xml



January Demo

Posted February 4, 2013 By Phil Conway

My January demo is now available to listen to (or download) free of charge below.



1) Maxxi Soundsystem & Name One – Regrets We Have No Use For (Original Mix)
2) Della Zouch – Leave Him Alone (Original Mix)
3) Justin Martin – Ruff Stuff (Eats Everything Reruff Mix)
4) SKAM – I Got What You Need (Shadow Child Freakmix)
5) Hot Chip – Night & Day (Dusky Mix)
6) Tom Budden – Norooz (Original Mix)
7) Bubba – Make Me Feel (Original Mix)
8) Leftwing & Kody – Let Go (Original Mix)
9) AudioJack – Plastic Dreams (20 Year Anniversary Mix)
10) Scuba – Hardbody (Original Mix)
11) Underworld – Dark & Long (Christian Smith Mix)


December promo mix now available…

Posted December 3, 2012 By Phil Conway

Here’s a tasty slice of new Deep House to get your ears round… enjoy!


1) Evren Furtuna – Love Is Killing Me (Original Mix)
2) Fabien Kamb – Feels Like Disco (Big Al Remix)
3) Le Vinyl, Javi Bora, Melohman – Rolla Rolla (Original Mix)
4) Huxley – No Matter What (Original Mix)
5) Deep & Suga, Uner – La Revolucion (Original Mix)
6) NTFO & Rhadow – Perfect Love (Original Mix)
7) Totally Extinct Enormous Dinosaurs – Your Love (Waze & Odyssey Mix)
8) Freaks – Black Shoes White Socks (Cajmere Mix)
9) Oliver $ – Hoes (Original Mix)
10) Scuba – Talk Torque (Original Mix)
11) wAFF – Jo Johnson (Original Mix)
12) Infinity Ink – Infinity (Claude VonStroke Mix)


New Mixes

Posted October 5, 2012 By Phil Conway

Hi all,

It’s been a while since I posted new stuff on the site, so be prepared for two mixes at once!

Firstly, my latest deep-house demo is up (below). In addition to this I’ve also thrown together a bit of a nostalgia trip for the forthcoming Cream Classics event at Newcastle University.

October Mix:


1) Climbers – Equal Responsibility (Original Mix)
2) Hadrian & Renoa – Laptop Is My Friend (Original Mix)
3) Hernan Cerbello – Washed Pants (Original Mix)
4) Last Magpie – Get You Thinking (Original Mix)
5) Last Magpie – Club Whore (Original Mix)
6) Maya Jane Coles – Getting Freaky (Original Mix)
7) Lemon Popsicle – Bistra (Graham Laverty Mix)
8) Dusky – Mystics (Original Mix)
9) HNQO – Point of View (Original Mix)
10 Tiga – Pleasure From The Bass (Subb-an Remix)


Classics Mix (available here):

Gat Decor – Passion (Original Mix)
Pamela Fernandez – Kickin’ In The Beat (Acapella)
Johnny Corporate – Sunday Shouting (Original Mix)
Eddie Amador – Rise (Preacherpella)
Laurent Garnier – The Man With The Red Face (Jan Driver Mix)
King Unique – Love Is What You Need (Look Aheadapella)
Double 99 – Rip Groove (Original Mix)
Mylo – Drop The Pressure (Original Mix)
Stardust – Music Sounds Better With You (Original Mix)
Roger Sanchez – You Can’t Change Me (Acapella)
Alan Braxe & Fred Falke present R: The Intro
G-Club presents Banda Sonora – Guitarra G (Original Mix)
Kings of Tomorrow – Finally (Danny Tenaglia’s Return to Paradise Mix)
Kenny Dope Gonzalez Pres. The Bucketheads – The Bomb (These Sounds Fall Into My Mind)(Armand Van Helden Mix)
New Order – Blue Monday (Original Mix)




April Mix / Bitch & Audio Rehab Promo

Posted April 4, 2012 By Phil Conway

Here’s a mix I put together as a promotional demo before I play at Bitch on Easter Sunday at Digital Newcastle, alongside Hardwell, Kim Fai, Kryder, Third Party, Che Armstrong, (with me spinning in the Audio Rehab room with Jordan Fish, Kenny Morrison, & Mike Louth.)


1) Adana Twins – Strange (Original Mix)
2) Dodi Palese – Rolling Spaces (Santorini Mix)
3) Jay Tripwire – 9th Ward (Original Mix)
4) Abyss – Be Free (Original Mix)
5) Andre Crom & Martin Dawson – Gonna Be Alright (Huxley Mix)
6) Karol XVII & MB Valence – The Rusty Piano (Shur-i-kan Mix)
7) Physics & Daisy – Holdin? On (Karol XVII & MB Valence Mix)
8) Sebo K – Mr Duke (Alternative Version)
9) Greg Stainer – Sax is Back (Karol XVII & MB Valence Mix)
10) Marcus Eden – Something I Feel (Dejan Dex Mix)
11) Hector – What The Hec? (Original Mix)
12) Maya Jane Coles – Beat Faster (Original Mix)


Some upcoming events…

Posted February 14, 2012 By Phil Conway

Just had a few events confirmed in quick succession, so I thought I’d provide more details of them on here.

I’ll be playing at the launch of new House/Electro night MAGNETIC on March 10th at The Globe, alongside Tom Boston, Vicky Vegas, Paul Bhudoye and Paul Junior.

I’ll also be DJing with the rather nice gents that are Jerry Spinner, Andy Woodall, Carl Lumsden (and good mate Ian Cox) at the Homespun 1st Birthday Party at North Bar on March 30th.

Last but not least, I’ve been asked to play as part of the supporting lineup for a massive gig at Digital Newcastle on Easter Sunday, as part of a Bitch Events/Audio Rehab tag team. I’ll be playing Room 2 alongside Kenny Morrison, Mike Louth, and Jordan Fish. The main room features local AR resident Che Armstrong, Bitch resident Kryder, and house heavyweights Third Party, Kim Fai, and Hardwell.

I’ll be uploading a new demo fairly shortly for these events, so watch this space 🙂


More info:

The Globe (Facebook)

Homespun (Facebook)

Bitch Events (Facebook)

Audio Rehab (Facebook)

Digital Newcastle (Facebook) (Facebook)



december mix

Posted December 18, 2011 By Phil Conway

Here’s a new mix I’ve finished. Feel free to download and stream (click to play in your browser).


1 ) Wally Stryk – Walbec (Original Mix)
2 ) High Tech Soul – Meditating Mole (Simuck Mix)
3 ) Dave DK – Byway (Original Mix)
4 ) Alexander Fog – Increase (Original Mix)
5 ) Solid Soul – Never Too Much (Original Mix)
6 ) Dudley Strange – Depin (Michael Mclardy Mix)
7 ) Audiojack – Get Serious (Original Mix)
8 ) Good Guyz – Looking Back (Baraso Mix)
9 ) Skai &amp; Chris Minus – FRAKO (Soul Minority Mix)
10 ) Todd Terry – Uncle Tech (Maya Jane Coles Mix)

As this is probably the last mix from me this year, I’d like to take this opportunity to thank Kerry & Vicky at The Globe, Che at Audio Rehab, Alan and team at Digital, and everyone else who has been kind enough to have me play, or who has been there listening (and hopefully dancing!), or anyone who has taken the time to listen to any of these mixes.

This year, I’ve managed things I didn’t think possible previously, so hopefully next year will be just as good if not better.

Merry Christmas and a Happy New Year to you all.


October Mix

Posted October 15, 2011 By Phil Conway

As a little bit of a taster of what you can expect from me in Room 2 at Digital in a few weeks time, I’ve prepared an hours worth of house goodness, which you can listen to and download for free below.

As always, comments and constructive feedback are welcome and greatly appreciated.


1 ) Cyx – Lullaby (Original Mix)
2 ) John Watt – Us (Original Mix)
3 ) Ruthit – Deep Blue (Original Mix)
4 ) Kruse & Nuernberg – About Unity (Original Mix)
5 ) Michael Mclardy – Deep Nothing (Original Mix)
6 ) Ivan Picazo – Squid Legs (Karol XVII & MB Valence Loco Mix)
7 ) Matt Fear – Nothing Stays The Same (Matico Mix)
8 ) Alex Aguilar – Try Outs (Original Mix)
9 ) Graham Laverty – Melbourne House (Original Mix)
10 )Ell-Er – If You Die (Luca De Lorso Mix)
11 )Stryke – Her Eyes Are Stars (Acid Symphony Mix)

Eric Prydz Flyer

Eric Prydz Flyer

I’ve been asked to play as part of the support for Eric Prydz’s next trip to Digital. As this is going to be absolutely massive, I’m nervous already!

Most of us know Eric Prydz for his chart success with Stevie Winwood’s sampling Call on Me (with that video), his reworking of Pink Floyd’s The Wall, and piano-heavy track Pjanoo. However, thats not all he’s been working on. Under the aliases Sheridan, Cirez D, Pryda, Moo, Fitzy, A&P Project, AxEr, Hardform, Dukes of Sluca, and Groove System, Eric Prydz has been churning out dance floor destroyers, including his latest single under his real name, “2Night”, which has topped the Beatport charts and will probably be doing the same to the official commercial charts fairly shortly.

Eric will be supported in the main room by Jeremy Olander (who has recently had tracks released on Eric’s “Pryda Records” label)  and Audio Rehab/Neuroscience resident Che Armstrong. I’m in Room 2 (The Terrace Room) with Steve Love and Paul McMurray.

Tickets are available from ticketweb or from Beatdown/RPM in Newcastle. has the full event info here.


Audio Rehab Podcast 005 – Che Armstrong & Phil Conway

Posted October 1, 2011 By Phil Conway

The Audio Rehab guys, who have been kind enough to have me play at two of their events (supporting Above & Beyond in March and Paul Van Dyk in August, both at Digital Newcastle), asked me to produce a special guest mix for the latest episode of the Audio Rehab podcast.

My half of the podcast is available to play via the Soundcloud player below, or you can download the full thing via the Audio Rehab page here:


Ché Armstrong
01 Sasha – Cut Me Down (Kobana Remix)
02 Matt Lange – Rift (Andrew Bayer Remix)
03 Narel – Run (Planisphere Remix)
04 Ame – Rej (Original)
05 Quivver – Orgazoid (Mix 1)
06 Vincenzo – To Hume
07 Moonbeam – Tiger (Roland M. Dill ‘Got Him By The Tail’ Remix)
08 Dusky, Janai – Lost In You feat. Janai (Extended Vocal Mix)
09 Jim Rivers – Black Keys (Gai Barone Remix)
10 Jody Wisternoff – Nostalgia (Remix)
Phil Conway (Guest Mix)
11 Chris Lattner – Omolo (Original Mix)
12 Markus Homm – Violent Movement (Original Mix)
13 Adam Shelton & Subb-An – Feels So Real (Original Mix)
14 Azari & III – Hungry For The Power (Jamie Jones Mix)
15 Shlomi Aber – New York Dreamer (Alix Alvarez Mix)
16 Osunade – Envision (Ame Mix)
17 Maya Jane Coles – You (Edu Imbernon Mix)