Fail2ban whitelist for users with dynamic IP?

Dear levelonetech community,

I am using fail2ban to block unauthorized access for mail and https logins. And it works like a charm. But sometimes users mistype their password often enough to be blocked by fail2ban.

Is it possible to whitelist an IP address for some time (8h) after the user was successfully logged in?
The IPs of home offices change daily, and most of the time the users were successfully logged it just a few minutes or hours before they mistype their credentials.

Thanks a lot.

You could use a ipset script along with a dynamic DNS hostname to whitelist your office IP address on the server. Just make sure the new iptables whitelist rule is above fail2ban and they shouldn’t get blocked again.