initial push

README.md

@@ -1,2 +1,100 @@
-# fail2ban-ui
-A Go-based, single-page web interface for managing Fail2ban. Built by Swissmakers.
+# Fail2ban UI
+
+A **Go**-powered, **single-page** web interface for [Fail2ban](https://www.fail2ban.org/).  
+It provides a modern dashboard to currently:
+
+- View all Fail2ban jails and banned IPs
+- Unban IP addresses directly
+- Edit and save jail/filter configs
+- Reload Fail2ban when needed
+- See recent ban events
+
+Built by [Swissmakers GmbH](https://swissmakers.ch).
+
+---
+
+## Features
+
+1. **Basic Real-time Dashboard**  
+   - Automatically loads all jails, banned IPs, and last 5 ban events on page load.
+
+2. **Unban IPs**  
+   - Unban any blocked IP without needing direct CLI access.
+
+3. **Edit Fail2ban Configs**  
+   - Click on any jail name to open a modal with raw config contents (from `/etc/fail2ban/filter.d/*.conf` by default).  
+   - Save changes, then reload Fail2ban.
+
+4. **Responsive UI**  
+   - Built with [Bootstrap 5](https://getbootstrap.com/).
+
+5. **Loading Overlay & Reload Banner**  
+   - Displays a loading spinner for all operations.  
+   - Shows a reload banner when configuration changes occur.
+
+---
+
+## Requirements
+
+- **Go 1.22.9+** (module-compatible)
+- **Fail2ban** installed and running
+- **Linux** environment with permissions to run `fail2ban-client` and read/write config files (e.g., `/etc/fail2ban/filter.d/`)
+- Sufficient privileges to reload Fail2ban (run as `sudo` or configure your system accordingly)
+
+---
+
+## Installation & Usage
+
+1. **Clone the repository**:
+   ```bash
+   git clone https://github.com/swissmakers/fail2ban-ui.git
+   cd fail2ban-ui
+   ```
+
+2. **Initialize or tidy Go modules** (optional if you already have them):
+   ```bash
+   go mod tidy
+   ```
+
+3. **Run the server** (with `sudo` if necessary):
+   ```bash
+   sudo go run ./cmd/server
+   ```
+   By default, it listens on port `:8080`.
+
+4. **Open the UI**:
+   - Visit [http://localhost:8080/](http://localhost:8080/) (or replace `localhost` with your server IP).
+
+5. **Manage Fail2ban**:
+   - See jails and banned IPs on the main dashboard
+   - Unban IPs via the “Unban” button
+   - Edit jail configs by clicking the jail name
+   - Save your changes, then **reload** Fail2ban using the top banner prompt
+
+---
+
+## Security Considerations
+
+- Running this UI typically requires **root** or sudo privileges to execute `fail2ban-client` and manipulate config files.  
+- Consider restricting network access or using authentication (e.g., reverse proxy with Basic Auth or a firewall rule) to ensure only authorized users can access the dashboard.  
+- Make sure your Fail2ban logs and configs aren’t exposed publicly.
+
+---
+
+## Contributing
+
+We welcome pull requests and issues! Please open an [issue](./issues) if you find a bug or have a feature request.
+
+1. **Fork** this repository
+2. **Create** a new branch: `git checkout -b feature/my-feature`
+3. **Commit** your changes: `git commit -m 'Add some feature'`
+4. **Push** to the branch: `git push origin feature/my-feature`
+5. **Open** a pull request
+
+---
+
+## License
+
+```text
+GNU GENERAL PUBLIC LICENSE, Version 3
+```

cmd/server/main.go

@@ -0,0 +1,23 @@
+package main
+
+import (
+	"log"
+
+	"github.com/gin-gonic/gin"
+	"github.com/swissmakers/fail2ban-ui/pkg/web"
+)
+
+func main() {
+	r := gin.Default()
+
+	// Load HTML templates from pkg/web/templates
+	r.LoadHTMLGlob("pkg/web/templates/*")
+
+	// Register our routes (IndexHandler, /api/summary, /api/jails/:jail/unban/:ip)
+	web.RegisterRoutes(r)
+
+	log.Println("Starting Fail2ban UI on :8080. Run with 'sudo' if fail2ban-client requires it.")
+	if err := r.Run(":8080"); err != nil {
+		log.Fatalf("Server crashed: %v", err)
+	}
+}

go.mod

@@ -0,0 +1,34 @@
+module github.com/swissmakers/fail2ban-ui
+
+go 1.22.9
+
+require github.com/gin-gonic/gin v1.10.0
+
+require (
+	github.com/bytedance/sonic v1.11.6 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.20.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
+	golang.org/x/arch v0.8.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

go.sum

@@ -0,0 +1,89 @@
+github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
+github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
+github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
+github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
+github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
+github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
+github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
+github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
+github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
+golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=

internal/fail2ban/client.go

@@ -0,0 +1,156 @@
+package fail2ban
+
+import (
+	"fmt"
+    "io/ioutil"
+    "os/exec"
+    "path/filepath"
+	"strings"
+	"time"
+)
+
+type JailInfo struct {
+	JailName       string   `json:"jailName"`
+	TotalBanned    int      `json:"totalBanned"`
+	NewInLastHour  int      `json:"newInLastHour"`
+	BannedIPs      []string `json:"bannedIPs"`
+}
+
+// GetJails returns all configured jails using "fail2ban-client status".
+func GetJails() ([]string, error) {
+	cmd := exec.Command("fail2ban-client", "status")
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return nil, fmt.Errorf("could not run 'fail2ban-client status': %v", err)
+	}
+
+	var jails []string
+	lines := strings.Split(string(out), "\n")
+	for _, line := range lines {
+		if strings.Contains(line, "Jail list:") {
+			parts := strings.Split(line, ":")
+			if len(parts) > 1 {
+				raw := strings.TrimSpace(parts[1])
+				jails = strings.Split(raw, ",")
+				for i := range jails {
+					jails[i] = strings.TrimSpace(jails[i])
+				}
+			}
+		}
+	}
+	return jails, nil
+}
+
+// GetBannedIPs returns a slice of currently banned IPs for a specific jail.
+func GetBannedIPs(jail string) ([]string, error) {
+	cmd := exec.Command("fail2ban-client", "status", jail)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return nil, fmt.Errorf("fail2ban-client status %s failed: %v", jail, err)
+	}
+
+	var bannedIPs []string
+	lines := strings.Split(string(out), "\n")
+	for _, line := range lines {
+		if strings.Contains(line, "IP list:") {
+			parts := strings.Split(line, ":")
+			if len(parts) > 1 {
+				ips := strings.Fields(strings.TrimSpace(parts[1]))
+				bannedIPs = append(bannedIPs, ips...)
+			}
+			break
+		}
+	}
+	return bannedIPs, nil
+}
+
+// UnbanIP unbans an IP from the given jail.
+func UnbanIP(jail, ip string) error {
+	// We assume "fail2ban-client set <jail> unbanip <ip>" works.
+	cmd := exec.Command("fail2ban-client", "set", jail, "unbanip", ip)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("error unbanning IP %s from jail %s: %v\nOutput: %s", ip, jail, err, out)
+	}
+	return nil
+}
+
+// BuildJailInfos returns extended info for each jail:
+// - total banned count
+// - new banned in the last hour
+// - list of currently banned IPs
+func BuildJailInfos(logPath string) ([]JailInfo, error) {
+	jails, err := GetJails()
+	if err != nil {
+		return nil, err
+	}
+
+	// Parse the log once, so we can determine "newInLastHour" per jail
+	// for performance reasons. We'll gather all ban timestamps by jail.
+	banHistory, err := ParseBanLog(logPath)
+	if err != nil {
+		// If fail2ban.log can't be read, we can still show partial info.
+		banHistory = make(map[string][]BanEvent)
+	}
+
+	oneHourAgo := time.Now().Add(-1 * time.Hour)
+
+	var results []JailInfo
+	for _, jail := range jails {
+		bannedIPs, err := GetBannedIPs(jail)
+		if err != nil {
+			// Just skip or handle error per jail
+			continue
+		}
+
+		// Count how many bans occurred in the last hour for this jail
+		newInLastHour := 0
+		if events, ok := banHistory[jail]; ok {
+			for _, e := range events {
+				if e.Time.After(oneHourAgo) {
+					newInLastHour++
+				}
+			}
+		}
+
+		jinfo := JailInfo{
+			JailName:      jail,
+			TotalBanned:   len(bannedIPs),
+			NewInLastHour: newInLastHour,
+			BannedIPs:     bannedIPs,
+		}
+		results = append(results, jinfo)
+	}
+	return results, nil
+}
+
+// GetJailConfig returns the config content for a given jail.
+// Example: we assume each jail config is at /etc/fail2ban/filter.d/<jail>.conf
+// Adapt this to your environment.
+func GetJailConfig(jail string) (string, error) {
+    configPath := filepath.Join("/etc/fail2ban/filter.d", jail+".conf")
+    content, err := ioutil.ReadFile(configPath)
+    if err != nil {
+        return "", fmt.Errorf("failed to read config for jail %s: %v", jail, err)
+    }
+    return string(content), nil
+}
+
+// SetJailConfig overwrites the config file for a given jail with new content.
+func SetJailConfig(jail, newContent string) error {
+    configPath := filepath.Join("/etc/fail2ban/filter.d", jail+".conf")
+    if err := ioutil.WriteFile(configPath, []byte(newContent), 0644); err != nil {
+        return fmt.Errorf("failed to write config for jail %s: %v", jail, err)
+    }
+    return nil
+}
+
+// ReloadFail2ban runs "fail2ban-client reload"
+func ReloadFail2ban() error {
+    cmd := exec.Command("fail2ban-client", "reload")
+    out, err := cmd.CombinedOutput()
+    if err != nil {
+        return fmt.Errorf("fail2ban reload error: %v\nOutput: %s", err, out)
+    }
+    return nil
+}

internal/fail2ban/logparse.go

@@ -0,0 +1,99 @@
+package fail2ban
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"regexp"
+	//"strings"
+	"time"
+)
+
+var (
+	// Typical fail2ban log line:
+	//  2023-01-20 10:15:30,123 fail2ban.actions [1234]: NOTICE  [sshd] Ban 192.168.0.101
+	logRegex = regexp.MustCompile(`^(\S+\s+\S+) fail2ban\.actions.*?\[\d+\]: NOTICE\s+\[(\S+)\]\s+Ban\s+(\S+)`)
+)
+
+// BanEvent holds details about a ban
+type BanEvent struct {
+	Time    time.Time
+	Jail    string
+	IP      string
+	LogLine string
+}
+
+// ParseBanLog returns a map[jailName]BanEvents and also the last 5 ban events overall.
+func ParseBanLog(logPath string) (map[string][]BanEvent, error) {
+	file, err := os.Open(logPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open fail2ban log: %v", err)
+	}
+	defer file.Close()
+
+	eventsByJail := make(map[string][]BanEvent)
+
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		line := scanner.Text()
+
+		matches := logRegex.FindStringSubmatch(line)
+		if len(matches) == 4 {
+			// matches[1] -> "2023-01-20 10:15:30,123"
+			// matches[2] -> jail name, e.g. "sshd"
+			// matches[3] -> IP, e.g. "192.168.0.101"
+			timestampStr := matches[1]
+			jail := matches[2]
+			ip := matches[3]
+
+			// parse "2023-01-20 10:15:30,123" -> time.Time
+			parsedTime, err := time.Parse("2006-01-02 15:04:05,000", timestampStr)
+			if err != nil {
+				// If parse fails, skip or set parsedTime=zero
+				continue
+			}
+
+			ev := BanEvent{
+				Time:    parsedTime,
+				Jail:    jail,
+				IP:      ip,
+				LogLine: line,
+			}
+
+			eventsByJail[jail] = append(eventsByJail[jail], ev)
+		}
+	}
+
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+	return eventsByJail, nil
+}
+
+// GetLastFiveBans crawls the parse results to find the last 5 ban events overall.
+func GetLastFiveBans(eventsByJail map[string][]BanEvent) []BanEvent {
+	var allEvents []BanEvent
+	for _, events := range eventsByJail {
+		allEvents = append(allEvents, events...)
+	}
+
+	// Sort by time descending
+	// (We want the latest 5 ban events)
+	sortByTimeDesc(allEvents)
+
+	if len(allEvents) > 5 {
+		return allEvents[:5]
+	}
+	return allEvents
+}
+
+// A simple in-file sorting utility
+func sortByTimeDesc(events []BanEvent) {
+	for i := 0; i < len(events); i++ {
+		for j := i + 1; j < len(events); j++ {
+			if events[j].Time.After(events[i].Time) {
+				events[i], events[j] = events[j], events[i]
+			}
+		}
+	}
+}

pkg/web/handlers.go

@@ -0,0 +1,130 @@
+package web
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/swissmakers/fail2ban-ui/internal/fail2ban"
+)
+
+// SummaryResponse is what we return from /api/summary
+type SummaryResponse struct {
+	Jails    []fail2ban.JailInfo     `json:"jails"`
+	LastBans []fail2ban.BanEvent     `json:"lastBans"`
+}
+
+// SummaryHandler returns a JSON summary of all jails, including
+// number of banned IPs, how many are new in the last hour, etc.
+// and the last 5 overall ban events from the log.
+func SummaryHandler(c *gin.Context) {
+	const logPath = "/var/log/fail2ban.log"
+
+	jailInfos, err := fail2ban.BuildJailInfos(logPath)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Parse the log to find last 5 ban events
+	eventsByJail, err := fail2ban.ParseBanLog(logPath)
+	lastBans := make([]fail2ban.BanEvent, 0)
+	if err == nil {
+		// If we can parse logs successfully, let's gather all events
+		var all []fail2ban.BanEvent
+		for _, evs := range eventsByJail {
+			all = append(all, evs...)
+		}
+		// Sort by descending time
+		sortByTimeDesc(all)
+		if len(all) > 5 {
+			lastBans = all[:5]
+		} else {
+			lastBans = all
+		}
+	}
+
+	resp := SummaryResponse{
+		Jails:    jailInfos,
+		LastBans: lastBans,
+	}
+	c.JSON(http.StatusOK, resp)
+}
+
+// UnbanIPHandler unbans a given IP in a specific jail.
+func UnbanIPHandler(c *gin.Context) {
+	jail := c.Param("jail")
+	ip := c.Param("ip")
+
+	err := fail2ban.UnbanIP(jail, ip)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"message": "IP unbanned successfully",
+	})
+}
+
+func sortByTimeDesc(events []fail2ban.BanEvent) {
+	for i := 0; i < len(events); i++ {
+		for j := i + 1; j < len(events); j++ {
+			if events[j].Time.After(events[i].Time) {
+				events[i], events[j] = events[j], events[i]
+			}
+		}
+	}
+}
+
+// IndexHandler serves the main HTML page
+func IndexHandler(c *gin.Context) {
+	c.HTML(http.StatusOK, "index.html", gin.H{
+		"timestamp": time.Now().Format(time.RFC1123),
+	})
+}
+
+// GetJailConfigHandler returns the raw config for a given jail
+func GetJailConfigHandler(c *gin.Context) {
+    jail := c.Param("jail")
+    cfg, err := fail2ban.GetJailConfig(jail)
+    if err != nil {
+        c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+        return
+    }
+    c.JSON(http.StatusOK, gin.H{
+        "jail":   jail,
+        "config": cfg,
+    })
+}
+
+// SetJailConfigHandler overwrites the jail config with new content
+func SetJailConfigHandler(c *gin.Context) {
+    jail := c.Param("jail")
+
+    var req struct {
+        Config string `json:"config"`
+    }
+    if err := c.ShouldBindJSON(&req); err != nil {
+        c.JSON(http.StatusBadRequest, gin.H{"error": "invalid JSON body"})
+        return
+    }
+
+    if err := fail2ban.SetJailConfig(jail, req.Config); err != nil {
+        c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+        return
+    }
+
+    c.JSON(http.StatusOK, gin.H{"message": "jail config updated"})
+}
+
+// ReloadFail2banHandler reloads the Fail2ban service
+func ReloadFail2banHandler(c *gin.Context) {
+    err := fail2ban.ReloadFail2ban()
+    if err != nil {
+        c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+        return
+    }
+    c.JSON(http.StatusOK, gin.H{"message": "Fail2ban reloaded successfully"})
+}

pkg/web/routes.go

@@ -0,0 +1,24 @@
+package web
+
+import (
+	"github.com/gin-gonic/gin"
+)
+
+// RegisterRoutes sets up the routes for the Fail2ban UI.
+func RegisterRoutes(r *gin.Engine) {
+	// Render the dashboard
+	r.GET("/", IndexHandler)
+
+    api := r.Group("/api")
+    {
+        api.GET("/summary", SummaryHandler)
+        api.POST("/jails/:jail/unban/:ip", UnbanIPHandler)
+
+        // New config endpoints
+        api.GET("/jails/:jail/config", GetJailConfigHandler)
+        api.POST("/jails/:jail/config", SetJailConfigHandler)
+
+        // Reload endpoint
+        api.POST("/fail2ban/reload", ReloadFail2banHandler)
+    }
+}

pkg/web/templates/index.html

@@ -0,0 +1,350 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8"/>
+  <title>Fail2ban UI Dashboard</title>
+  <!-- Bootstrap 5 (CDN) -->
+  <link 
+    href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" 
+    rel="stylesheet" 
+  />
+  <style>
+    /* Loading overlay styling */
+    #loading-overlay {
+      display: none; /* hidden by default */
+      position: fixed;
+      top: 0; left: 0;
+      width: 100%; height: 100%;
+      background: rgba(0,0,0,0.5);
+      z-index: 9999; /* on top */
+      align-items: center;
+      justify-content: center;
+    }
+    .spinner-border {
+      width: 4rem; height: 4rem;
+    }
+
+    /* Reload banner */
+    #reloadBanner {
+      display: none;
+    }
+  </style>
+</head>
+<body class="bg-light">
+<!-- NavBar -->
+<nav class="navbar navbar-expand-lg navbar-dark bg-primary">
+  <div class="container-fluid">
+    <a class="navbar-brand" href="#">
+      <strong>Fail2ban UI</strong>
+    </a>
+  </div>
+</nav>
+
+<!-- Reload Banner -->
+<div id="reloadBanner" class="bg-warning text-dark p-3 text-center">
+  <strong>Configuration changed! </strong>
+  <button class="btn btn-dark" onclick="reloadFail2ban()">
+    Reload Fail2ban
+  </button>
+</div>
+
+<div class="container my-4">
+  <h1 class="mb-4">Dashboard</h1>
+  <div id="dashboard"></div>
+</div>
+
+<!-- Footer -->
+<footer class="text-center mt-4 mb-4">
+  <p class="mb-0">
+    &copy; <a href="https://swissmakers.ch" target="_blank">Swissmakers GmbH</a>
+    -
+    <a href="https://github.com/swissmakers/fail2ban-ui" target="_blank">
+      GitHub
+    </a>
+  </p>
+</footer>
+
+<!-- Loading Overlay -->
+<div id="loading-overlay" class="d-flex">
+  <div class="spinner-border text-light" role="status">
+    <span class="visually-hidden">Loading...</span>
+  </div>
+</div>
+
+<!-- Jail Config Modal -->
+<div class="modal fade" id="jailConfigModal" tabindex="-1" aria-hidden="true">
+  <div class="modal-dialog modal-lg modal-dialog-scrollable">
+    <div class="modal-content">
+      <div class="modal-header">
+        <h5 class="modal-title">
+          Filter Config: <span id="modalJailName"></span>
+        </h5>
+        <button type="button" class="btn-close" data-bs-dismiss="modal"
+          aria-label="Close"></button>
+      </div>
+      <div class="modal-body">
+        <textarea id="jailConfigTextarea" class="form-control" rows="15"></textarea>
+      </div>
+      <div class="modal-footer">
+        <button type="button" class="btn btn-secondary"
+          data-bs-dismiss="modal">Cancel</button>
+        <button type="button" class="btn btn-primary" onclick="saveJailConfig()">
+          Save
+        </button>
+      </div>
+    </div>
+  </div>
+</div>
+
+<!-- Bootstrap 5 JS (for modal, etc.) -->
+<script 
+  src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js">
+</script>
+
+<script>
+"use strict";
+
+// We avoid ES6 backticks here to prevent confusion with the Go template parser.
+
+var currentJailForConfig = null;
+
+// Toggle the loading overlay (with !important)
+function showLoading(show) {
+  var overlay = document.getElementById('loading-overlay');
+  if (show) {
+    overlay.style.setProperty('display', 'flex', 'important');
+  } else {
+    overlay.style.setProperty('display', 'none', 'important');
+  }
+}
+
+window.addEventListener('DOMContentLoaded', function() {
+  showLoading(true);
+  fetchSummary().then(function() {
+    showLoading(false);
+  });
+});
+
+// Fetch summary (jails, stats, last 5 bans)
+function fetchSummary() {
+  return fetch('/api/summary')
+    .then(function(res) { return res.json(); })
+    .then(function(data) {
+      if (data.error) {
+        document.getElementById('dashboard').innerHTML =
+          '<div class="alert alert-danger">' + data.error + '</div>';
+        return;
+      }
+      renderDashboard(data);
+    })
+    .catch(function(err) {
+      document.getElementById('dashboard').innerHTML =
+        '<div class="alert alert-danger">Error: ' + err + '</div>';
+    });
+}
+
+// Render the main dashboard
+function renderDashboard(data) {
+  var html = "";
+
+  // Jails table
+  if (!data.jails || data.jails.length === 0) {
+    html += '<p>No jails found.</p>';
+  } else {
+    html += ''
+      + '<h2>Overview</h2>'
+      + '<table class="table table-striped">'
+      + '  <thead>'
+      + '    <tr>'
+      + '      <th>Jail Name</th>'
+      + '      <th>Total Banned</th>'
+      + '      <th>New in Last Hour</th>'
+      + '      <th>Banned IPs (Unban)</th>'
+      + '    </tr>'
+      + '  </thead>'
+      + '  <tbody>';
+
+    data.jails.forEach(function(jail) {
+      var bannedHTML = renderBannedIPs(jail.jailName, jail.bannedIPs);
+      html += ''
+        + '<tr>'
+        + '  <td>'
+        + '    <a href="#" onclick="openJailConfigModal(\'' + jail.jailName + '\')">'
+        +        jail.jailName
+        + '    </a>'
+        + '  </td>'
+        + '  <td>' + jail.totalBanned + '</td>'
+        + '  <td>' + jail.newInLastHour + '</td>'
+        + '  <td>' + bannedHTML + '</td>'
+        + '</tr>';
+    });
+
+    html += '</tbody></table>';
+  }
+
+  // Last 5 bans
+  html += '<h2>Last 5 Ban Events</h2>';
+  if (!data.lastBans || data.lastBans.length === 0) {
+    html += '<p>No recent bans found.</p>';
+  } else {
+    html += ''
+      + '<table class="table table-bordered">'
+      + '  <thead>'
+      + '    <tr>'
+      + '      <th>Time</th>'
+      + '      <th>Jail</th>'
+      + '      <th>IP</th>'
+      + '      <th>Log Line</th>'
+      + '    </tr>'
+      + '  </thead>'
+      + '  <tbody>';
+
+    data.lastBans.forEach(function(e) {
+      html += ''
+        + '<tr>'
+        + '  <td>' + e.Time + '</td>'
+        + '  <td>' + e.Jail + '</td>'
+        + '  <td>' + e.IP + '</td>'
+        + '  <td>' + e.LogLine + '</td>'
+        + '</tr>';
+    });
+
+    html += '</tbody></table>';
+  }
+
+  document.getElementById('dashboard').innerHTML = html;
+}
+
+// Render banned IPs with "Unban" button
+function renderBannedIPs(jailName, ips) {
+  if (!ips || ips.length === 0) {
+    return '<em>No banned IPs</em>';
+  }
+  var content = '<ul class="list-unstyled mb-0">';
+  ips.forEach(function(ip) {
+    content += ''
+      + '<li class="d-flex align-items-center mb-1">'
+      + '  <span class="me-auto">' + ip + '</span>'
+      + '  <button class="btn btn-sm btn-warning"'
+      + '    onclick="unbanIP(\'' + jailName + '\', \'' + ip + '\')">'
+      + '    Unban'
+      + '  </button>'
+      + '</li>';
+  });
+  content += '</ul>';
+  return content;
+}
+
+// Unban IP
+function unbanIP(jail, ip) {
+  if (!confirm("Unban IP " + ip + " from jail " + jail + "?")) {
+    return;
+  }
+  showLoading(true);
+  fetch('/api/jails/' + jail + '/unban/' + ip, { method: 'POST' })
+    .then(function(res) { return res.json(); })
+    .then(function(data) {
+      if (data.error) {
+        alert("Error: " + data.error);
+      } else {
+        alert(data.message || "IP unbanned");
+      }
+      return fetchSummary();
+    })
+    .catch(function(err) {
+      alert("Error: " + err);
+    })
+    .finally(function() {
+      showLoading(false);
+    });
+}
+
+// Open the jail config modal
+function openJailConfigModal(jailName) {
+  currentJailForConfig = jailName;
+  var textArea = document.getElementById('jailConfigTextarea');
+  textArea.value = '';
+
+  document.getElementById('modalJailName').textContent = jailName;
+
+  showLoading(true);
+  fetch('/api/jails/' + jailName + '/config')
+    .then(function(res) { return res.json(); })
+    .then(function(data) {
+      if (data.error) {
+        alert("Error loading config: " + data.error);
+      } else {
+        textArea.value = data.config;
+        var modalEl = document.getElementById('jailConfigModal');
+        var myModal = new bootstrap.Modal(modalEl);
+        myModal.show();
+      }
+    })
+    .catch(function(err) {
+      alert("Error: " + err);
+    })
+    .finally(function() {
+      showLoading(false);
+    });
+}
+
+// Save jail config
+function saveJailConfig() {
+  if (!currentJailForConfig) return;
+  showLoading(true);
+
+  var newConfig = document.getElementById('jailConfigTextarea').value;
+  fetch('/api/jails/' + currentJailForConfig + '/config', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ config: newConfig }),
+  })
+    .then(function(res) { return res.json(); })
+    .then(function(data) {
+      if (data.error) {
+        alert("Error saving config: " + data.error);
+      } else {
+        alert(data.message || "Config saved");
+        // Hide modal
+        var modalEl = document.getElementById('jailConfigModal');
+        var modalObj = bootstrap.Modal.getInstance(modalEl);
+        modalObj.hide();
+        // Show the reload banner
+        document.getElementById('reloadBanner').style.display = 'block';
+      }
+    })
+    .catch(function(err) {
+      alert("Error: " + err);
+    })
+    .finally(function() {
+      showLoading(false);
+    });
+}
+
+// Reload Fail2ban
+function reloadFail2ban() {
+  if (!confirm("Reload Fail2ban now?")) return;
+  showLoading(true);
+  fetch('/api/fail2ban/reload', { method: 'POST' })
+    .then(function(res) { return res.json(); })
+    .then(function(data) {
+      if (data.error) {
+        alert("Error: " + data.error);
+      } else {
+        alert(data.message || "Fail2ban reloaded");
+        // Hide reload banner
+        document.getElementById('reloadBanner').style.display = 'none';
+        // Refresh data
+        return fetchSummary();
+      }
+    })
+    .catch(function(err) {
+      alert("Error: " + err);
+    })
+    .finally(function() {
+      showLoading(false);
+    });
+}
+</script>
+</body>
+</html>