Hi, I am trying to create a custom action file, /etc/fail2ban/action.d/iptables-ipset-proto6-subnet.conf, the idea of which is to block a whole /24 subnet every time it makes a block.

Before anyone asks, I am having a spam flood from lots of adjacent IPs. In postfix I block all mails from IPs with no PTR records. These are usually dynamic IP blocks and should not be sending e-mails. Suddenly I am getting stacks from these addresses, and often from the same subnet. If I ever get one of these, I'd like to block the whole /24 subnet, on the theory that if one of the IPs is dynamic and has no PTR record, then all IPs in the /24 subnet will be the same.

To do this I've created a jail:

[postfix-no-ptr]
enabled = true
logpath = %(syslog_mail)s
maxretry = 1
bantime = 108000
findtime = 3600
port = smtp,465,submission
action = iptables-ipset-proto6-subnet

In /etc/fail2ban/action.d/iptables-ipset-proto6-subnet.conf I have

actionstart = ipset create f2b-<name> hash:ip netmask 24 timeout <bantime>

Adding the 'netmask 24' is the only change from the whole /etc/fail2ban/action.d/iptables-ipset-proto6.conf.

F2b starts fine, but the ipset set is not created. If I check the jail's actions I get:

[root@server ~]# fail2ban-client get postfix-no-ptr actions
The jail postfix-no-ptr has the following actions:
iptables-ipset-proto6-subnet

So the jail is seen by f2b. It has just done nothing with it. I can manually do the ipset command to create the set.

How can I get this to work?

TIA, Nick
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
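The following is an added example, not code from the post above or from the fail2ban project: a small Python emulation of what a set created with `hash:ip netmask 24 timeout <bantime>` does once the action works, so the collateral effect of a single ban (the other 255 addresses of the /24) and the bantime-based expiry can be checked before deploying it. The class name `NetmaskSet` and the sample addresses from 203.0.113.0/24 are constructed for the example.

```python
import ipaddress
from typing import Dict


class NetmaskSet:
    """Emulates `ipset create <set> hash:ip netmask <n> timeout <t>`:
    every address added is stored as its /n network and expires after t seconds.
    (Constructed model of the kernel behaviour; it does not call ipset.)"""

    def __init__(self, netmask: int = 24, timeout: int = 108000) -> None:
        self.netmask = netmask        # the `netmask 24` from the action file
        self.timeout = timeout        # the jail's bantime, in seconds
        self._entries: Dict[ipaddress.IPv4Network, float] = {}  # network -> expiry

    def _key(self, ip: str) -> ipaddress.IPv4Network:
        # With `netmask 24` ipset keeps only the network part of the address.
        return ipaddress.ip_network(f"{ip}/{self.netmask}", strict=False)

    def add(self, ip: str, now: float) -> ipaddress.IPv4Network:
        """Like `ipset add <set> <ip> -exist`: bans the whole /n containing ip."""
        net = self._key(ip)
        self._entries[net] = now + self.timeout
        return net

    def delete(self, ip: str) -> None:
        """Like `ipset del <set> <ip> -exist`: unbanning one IP frees the whole /n."""
        self._entries.pop(self._key(ip), None)

    def test(self, ip: str, now: float) -> bool:
        """Like `ipset test <set> <ip>`: true while the /n containing ip is unexpired."""
        net = self._key(ip)
        expiry = self._entries.get(net)
        if expiry is None:
            return False
        if now >= expiry:
            del self._entries[net]   # expired entries are garbage-collected
            return False
        return True

    def collateral(self, ip: str) -> int:
        """Number of addresses blocked alongside `ip` by a single ban."""
        return self._key(ip).num_addresses - 1


if __name__ == "__main__":
    s = NetmaskSet(netmask=24, timeout=108000)
    print("banning 203.0.113.5 stores", s.add("203.0.113.5", now=0))
    print("203.0.113.200 blocked:", s.test("203.0.113.200", now=10))
    print("collateral addresses:", s.collateral("203.0.113.5"))
```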
