That I have gotten to work quite reliably well. Where I'm having problems is actually automating the ban action.
I tried for example this line:
/etc/fail2ban/scripts/generate_ban_range_from_ip.sh <ip> | ifne xargs
-I {} -n1 fail2ban-client set <name> banip {}
But then I get an error with the substitution in the xargs command not
happening.
To overcome that I tried to package everything into a script as follows:
#!/bin/zsh
/etc/fail2ban/scripts/generate_ban_range_from_ip.sh $1 | xargs -n1 sudo
fail2ban-client -v set $2 banip And while running that command manually
on an interactive shell works, it fails in the context of a script.
It seems that something is wrong with the parameter passing - the
fail2ban-client command simply gets stuck waiting for input, I even
tried hard-coding the jail name and that clearly isn't what is causing
the issue (still gets stuck the same).
Weirdly, if I keep the same structure and replace the fail2ban-client
sub-command with echo, I do get the value passed through the pipe.
Kind Regards,
Wael Karram.
On 2/3/26 6:02 PM, Nick Howitt via Fail2ban-users wrote:
Note that different registries return different fields. Try "whois
82.5.79.245" where the address range is in a field called "inetnum".
>
> You could try an ASN lookup then look up all the ranges associated
> with the ASN, but you'g end up with huge blocks.
>
> From your script, you'd then have to generate the relevant iptables
> commands for the ban and unban actions.
>
> Nick
>
> On 03/02/2026 11:55, Wael Karram via Fail2ban-users wrote:
> Hello,
>> I've noticed lately that my server is being loaded by many automated
>> scanners and scrapers, I've got some nginx and opensmtpd filters in
>> place which can reliably catch them, though I've also noticed that
>> there are entire ASNs usually associated with them.
>>
>> Currently, I am banning them manually more or less - once a day I
>> check the logs, look for any suspect lines and then lookup the CIDRs
>> and ban manually.
>>
>> I would like to automate this, though I'm somewhat stuck with how to
>> implement the action (the filter is actually the easy part).
>> All I've managed to come up with for now is this script:
>> http://0x0.st/Pb4E.sh
>> It takes an IP address and spits out the CIDRs of its ASN/the entire
>> range associated with it - line by line.
>>
>> I hope someone can help me on how to integrate this into a custom ban
>> action.
>>
>>
>>
>> _______________________________________________
>> Fail2ban-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>
>
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
pgpeMsT4GayiR.pgp
Description: OpenPGP digital signature
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
