Hi Fabian,

We are working on the features which would occur in some 0.9.x release
which would make it configurable out-of-the-box, but meanwhile you can
just easily create an augmented action file where you would have a
customized iptables call with /XX to ban whatever big subnet you like.

Here is my reply on fail2ban-users:

Date: Wed, 7 Aug 2013 12:57:54 -0400
From: Yaroslav Halchenko <li...@onerussian.com>
To: fail2ban-us...@lists.sourceforge.net
Subject: Re: [Fail2ban-users] a more agressive ban of the whole class c?

well -- probably I should have added that you can always customize
your action file to ban whole networks:

# iptables -I INPUT 1 -s 1.2.3.4/24 -j DROP
# iptables -L -n -v | head
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       1.2.3.0/24           0.0.0.0/0



On Mon, 23 Sep 2013, Fabian Greffrath wrote:

> Package: fail2ban
> Severity: wishlist
> Tags: upstream

> Hello,

> for a few days now my private e-mail server is suffering ssh login attempts
> from a rather narrow range of IP addresses that are (apparently) all located in
> China. That is, once one IP is blocked by fail2ban, the attacks continue from
> another IP of that range shortly thereafter. Would it be possible to broaden
> the ban rule to ban a whole IP range (say, the 512 surrounding IP addresses)
> around an offending IP at once?

> Best regards,

>  - Fabian


-- 
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Senior Research Associate,     Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834                       Fax: +1 (603) 646-1419
WWW:   http://www.linkedin.com/in/yarik        
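
The subnet ban discussed in this thread, as an added example that is not part of the original mails or of fail2ban: a POSIX shell helper that derives the network a /XX suffix actually covers and prints the matching iptables rule instead of running it. The function names, the /16 floor on the prefix and the admin address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compute the subnet rule a customized ban action would issue.
# Functions use ( ) bodies so their variables and IFS changes stay local.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() (
    set -f; IFS=.
    set -- $1                       # split the dotted quad into $1..$4
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip N -> A.B.C.D
int_to_ip() (
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
)

# subnet_of IP PREFIX -> NETWORK/PREFIX (host bits cleared, as iptables -L shows it)
subnet_of() (
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    echo "$(int_to_ip $(( $(ip_to_int "$1") & mask )))/$2"
)

# in_subnet IP NETWORK/PREFIX -> exit status 0 if IP lies inside the subnet
in_subnet() (
    [ "$(subnet_of "$1" "${2#*/}")" = "$2" ]
)

# ban_rule OFFENDER PREFIX ADMIN_IP -> prints the rule; does not execute it.
# Exit 2: prefix wider than /16 (assumed policy floor). Exit 3: self-lockout.
ban_rule() (
    [ "$2" -ge 16 ] && [ "$2" -le 32 ] || { echo "prefix /$2 outside 16..32" >&2; exit 2; }
    net=$(subnet_of "$1" "$2")
    if in_subnet "$3" "$net"; then
        echo "refusing: $net contains admin address $3" >&2
        exit 3
    fi
    echo "iptables -I INPUT 1 -s $net -j DROP"
)

# Constructed sample: the address from the mail, then the "512 addresses" case.
ban_rule 1.2.3.4 24 192.0.2.10
ban_rule 1.2.3.4 23 192.0.2.10
```

Note that /23 bans the aligned block 1.2.2.0/23 that contains the offender, not the 512 addresses centered on it.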

