Answer the question
In order to leave comments, you need to log in
M
M
Maxim Vasiliev2015-02-11 04:19:50
Maxim Vasiliev, 2015-02-11 04:19:50
Is it possible to teach fail2ban to ban relapses by subnets?
Found a lot of spam relapses from the same subnet (/24).
Is it possible to write such a filter that would detect bans from one subnet and ban the entire subnet?
Or, for example, in case of a relapse, would you look at whois for the IP range and ban it entirely?
1 answer(s)
@RicoX
S
Sergey Petrikov, 2015-02-11 @RicoX
All subnet what mask? Ban then 0.0.0.0/0 and don't suffer if you want to ban everyone. You can look at whois or for example AS and ban everything that is there, but without unlocking in half a year you will ban the whole world like that, so it's easier to close everyone at once. The easiest and most correct way for basic use is to configure ipset and ban individual addresses through it, it almost does not increase the load on the firewall from a large number of addresses and you don’t have to cut entire networks that can be used by normal clients, plus if you really want to set up a filter by geotag and put the countries from which there can be no clients entirely there.
Similar questions
N
L
R
D
J
JackShcherbakov2017-12-07 00:47:10
The PHP encoding in openserver has failed, what should I do?
3Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question