Dear kaffeesurrogat, You are not in a danger to block all the traffic.
0.0.0.0 is a non-routable meta-address used to designate an invalid, unknown or non applicable target (a no particular address placeholder). I would advise to look at /var/log/auth.log entries containing this address and try to understand what causes them. Regards, Denis Rasulev > On 31 Oct 2018, at 10:52, kaffeesurrogat <[email protected]> wrote: > > Dear all, > > i'm new to the list. Unfortunately I'am not an expert at all, but I'm trying > my best to understand fail2ban and the world of IP-adressing. > > I've got this email-message from fail2ban: > > ############################################################ > > Hi, > > The IP 0.0.0.0 has just been banned by Fail2Ban after > 1 attempts against sshd. > > > Here is more information about 0.0.0.0 : > > Für diese Art von Objekten ist kein Whois-Server bekannt. > missing whois program > > > Lines containing IP:0.0.0.0 in /var/log/auth.log > > > Regards, > > Fail2Ban > > > ############################################################ > > > > This is confusing to me, because the IP address does not make any sence to me. > > How can anybody have an IP Address of 0.0.0.0 ? Is this any kind of special > IP - Address ? Why does it show up in my sshd jail ? Is it some kind of > loopback-device address ? Some kind of broadcast ? Am I in danger of blocking > all the traffic ? > > Thanks so much for clarification, > > kaffeesurroagt > > > > > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
