Is there a way to have fail2ban ban the entire class C network from which a ban address comes from?

A.Adverse
  • I haven't thought about it before, but maybe it can be done by using a fail2ban action script. The challenge may be whether this ban will be done temporarily or permanently (easier). – FedKad Sep 15 '19 at 12:11
  • You can set jail time to permanent if you use -1. So that can be taken care of; banning class C networks might help cut down the number of required entries to clean things up a bit. I have been using IPTABLES as well. – A.Adverse Sep 16 '19 at 16:50

1 Answer

As fail2ban adds rules to iptables, you may prefer to use iptables directly:

iptables -A INPUT -s 197.198.199.0/24 -j DROP

fail2ban can block an IP range; see how with the client:

# fail2ban-client -v set [JailName] banip 197.198.199.0/24
# example:

fail2ban-client -v set recidive banip 197.198.199.0/24

Since jails are time limited, iptables could be a better idea, depending on what you want/need.

But, to answer your question:
Someone has done a configuration customization to ban the whole network of an IP sent to jail.
See: https://www.righter.ch/index.php/2014/12/10/block-a-whole-ip-range-with-fail2ban/

cmak.fr
  • I'll have a look and get back to you. – A.Adverse Sep 16 '19 at 16:51
  • Using the client isn't what I had in mind. I s'pose the tricky part is extracting the first three quarters of the address and attaching the .0/24 to the end for the IP to ban. – A.Adverse Sep 16 '19 at 16:58
  • @A.Adverse I have reread your question again: there is no out-of-the-box rule or action to ban the whole network of an IP sent to jail. But someone has done it: https://www.righter.ch/index.php/2014/12/10/block-a-whole-ip-range-with-fail2ban/ – cmak.fr Sep 16 '19 at 18:51
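The custom-action approach sketched in the answer and comments, worked through as an added example (this is not fail2ban's own code and not the configuration from the linked page). "Class C" here means the /24 containing the address. A fail2ban action runs a shell command with <ip> substituted, so the script takes the address, derives the /24, and bans or unbans that network with iptables instead of the single host. The script name ban24.sh, the action name ban24, the choice of the INPUT chain, and the fallback to a plain host ban for anything that is not an IPv4 address are my assumptions:

```shell
#!/bin/sh
# ban24.sh - hypothetical fail2ban action helper (added example, not fail2ban's
# own code and not the configuration from the linked page).
# Usage: ban24.sh ban|unban <ip>
# Invoked from a fail2ban action with the <ip> tag substituted; it bans or
# unbans the /24 network ("class C") containing an IPv4 address, not the host.

# net24: print the /24 network containing an IPv4 address, or print nothing
# and fail if the input is not a well-formed dotted quad. Plain POSIX sh with
# parameter expansion only (no IFS games, no globbing of the input), so it is
# cheap and safe to run on every ban.
net24() {
    case $1 in
        *.*.*.*.*|*[!0-9.]*) return 1 ;;   # four or more dots, or a non-digit
        *.*.*.*) ;;                        # exactly three dots: carry on
        *) return 1 ;;                     # fewer than three dots
    esac
    a=${1%%.*}; r=${1#*.}
    b=${r%%.*}; r=${r#*.}
    c=${r%%.*}; d=${r#*.}
    for octet in "$a" "$b" "$c" "$d"; do
        case $octet in
            ''|????*) return 1 ;;          # empty octet ("1..2.3") or >3 digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.0/24\n' "$a" "$b" "$c"
}

# ban_target: what to ban for the address fail2ban hands us.
#   IPv4  -> its /24 network
#   other -> the address itself (host ban); /24 is an IPv4-only notion, and
#            silently skipping IPv6 would leave a hole in the jail.
ban_target() {
    net24 "$1" || printf '%s\n' "$1"
}

# fw_for: pick the firewall tool for a target (IPv6 literals contain ':').
fw_for() {
    case $1 in
        *:*) echo ip6tables ;;
        *)   echo iptables ;;
    esac
}

# plan: print "<tool> <target>" for an address without touching the firewall,
# e.g. "iptables 197.198.199.0/24". Kept separate so the decision can be
# tested and audited on its own.
plan() {
    target=$(ban_target "$1")
    printf '%s %s\n' "$(fw_for "$target")" "$target"
}

# apply: carry out the plan. $1 = ban|unban, $2 = address from the <ip> tag.
apply() {
    op=$1
    set -- $(plan "$2")   # $1 = tool, $2 = target
    case $op in
        ban)
            # -C first: if a rule for this /24 already exists because an
            # earlier host from the same network was banned, add no duplicate.
            "$1" -C INPUT -s "$2" -j DROP 2>/dev/null \
                || "$1" -I INPUT -s "$2" -j DROP
            ;;
        unban)
            "$1" -D INPUT -s "$2" -j DROP
            ;;
        *)
            echo "usage: $0 ban|unban <ip>" >&2
            return 2
            ;;
    esac
}

# Only act when invoked with arguments (i.e. by fail2ban); sourcing the file
# just defines the functions.
if [ $# -gt 0 ]; then
    apply "$@"
fi
```

To wire it in, create /etc/fail2ban/action.d/ban24.conf with a [Definition] section containing `actionban = /usr/local/bin/ban24.sh ban <ip>` and `actionunban = /usr/local/bin/ban24.sh unban <ip>`, then set `action = ban24` in the jail (the [Definition], actionban, actionunban and <ip> names are fail2ban's; the file and script names are assumed). Check the result with `iptables -S INPUT`. Caveats a practitioner should weigh before using this: fail2ban unbans per host, so the first expiring host removes the rule for the whole /24 even if other hosts from it are still within bantime; a /24 belonging to a hosting provider or a carrier-grade NAT range can lock out legitimate users along with the attacker; and with bantime = -1 (as in the comment above) the rules still do not survive a reboot or a fail2ban restart unless an actionstart re-adds them, so the iptables-only approach from the answer may be simpler for a permanent list.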