Assuming you are using iptables, why not do iptables commands directly at the end of your script? The same goes for other firewalls such as UFW (which uses iptables in the background).

On 04/02/2026 10:55, Wael Karram via Fail2ban-users wrote:
That I have gotten to work quite reliably.

Where I'm having problems is actually automating the ban action.

I tried for example this line:
/etc/fail2ban/scripts/generate_ban_range_from_ip.sh <ip> | ifne xargs -I {} -n1 fail2ban-client set <name> banip {}

But then I get an error with the substitution in the xargs command not
happening.


To overcome that I tried to package everything into a script as follows:
#!/bin/zsh
/etc/fail2ban/scripts/generate_ban_range_from_ip.sh $1 | xargs -n1 sudo fail2ban-client -v set $2 banip

And while running that command manually on an interactive shell works, it fails in the context of a script.

It seems that something is wrong with the parameter passing - the
fail2ban-client command simply gets stuck waiting for input. I even
tried hard-coding the jail name and that clearly isn't what is causing
the issue (it still gets stuck the same way).

Weirdly, if I keep the same structure and replace the fail2ban-client
sub-command with echo, I do get the value passed through the pipe.


Kind Regards,

Wael Karram.


On 2/3/26 6:02 PM, Nick Howitt via Fail2ban-users wrote:
Note that different registries return different fields. Try "whois
82.5.79.245" where the address range is in a field called "inetnum".
You could try an ASN lookup then look up all the ranges associated
with the ASN, but you'd end up with huge blocks.

From your script, you'd then have to generate the relevant iptables
commands for the ban and unban actions.

Nick

On 03/02/2026 11:55, Wael Karram via Fail2ban-users wrote:
Hello,
I've noticed lately that my server is being loaded by many automated
scanners and scrapers. I've got some nginx and opensmtpd filters in
place which can reliably catch them, though I've also noticed that
there are entire ASNs usually associated with them.

Currently, I am banning them manually more or less - once a day I
check the logs, look for any suspect lines and then look up the CIDRs
and ban manually.

I would like to automate this, though I'm somewhat stuck with how to
implement the action (the filter is actually the easy part).
All I've managed to come up with for now is this script:
http://0x0.st/Pb4E.sh
It takes an IP address and spits out the CIDRs of its ASN/the entire
range associated with it - line by line.

I hope someone can help me on how to integrate this into a custom ban
action.



_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
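A ban helper in the direction Nick suggests (emit the firewall commands straight from the script instead of going through xargs and fail2ban-client), added here as an example; it is not code from the thread or from the fail2ban project. It assumes the lookup script prints one IPv4 CIDR per line; the chain name f2b-nginx and the sample ranges are constructed, and the default dry-run mode echoes the commands rather than executing them.

```shell
#!/bin/sh
# Added example: turn the lookup script's CIDR lines into iptables commands
# directly. Chain name and sample data are assumed, not from the thread.

# Accept only a plausible IPv4 CIDR so a bad lookup line never reaches iptables.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$addr" in ""|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ""|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ]
}

# Read CIDRs from stdin and emit one iptables rule each.
# $1: -I (ban) or -D (unban); $2: chain; $3: command prefix, "echo" = dry run.
apply_ranges() {
    action=$1; chain=$2; run=${3-echo}
    while IFS= read -r cidr; do
        if ! is_cidr "$cidr"; then
            printf 'skipping invalid range: %s\n' "$cidr" >&2
            continue
        fi
        # Child stdin is /dev/null so the command cannot swallow remaining lines.
        $run iptables "$action" "$chain" -s "$cidr" -j DROP </dev/null
    done
}

# Constructed sample output of the lookup script, including two bad lines.
SAMPLE_RANGES='203.0.113.0/24
198.51.100.0/22
not-a-range
192.0.2.0/99'

# Dry run over the sample: prints the two ban commands, skips the bad lines.
ban_sample() {
    printf '%s\n' "$SAMPLE_RANGES" | apply_ranges -I f2b-nginx echo 2>/dev/null
}

# Real use from a fail2ban action: actionban = <script> ban <ip>,
# actionunban = <script> unban <ip> (run prefix "" executes iptables for real).
if [ "${1-}" = ban ] || [ "${1-}" = unban ]; then
    act=-I; [ "$1" = unban ] && act=-D
    /etc/fail2ban/scripts/generate_ban_range_from_ip.sh "${2:?ip required}" \
        | apply_ranges "$act" f2b-nginx ""
fi
```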