Hello,
Is there any way to configure fail2ban to look for networks instead of single IPs? There are many abusers who use whole C networks (or more IPs). I am talking about situations like this example below: 2019-02-28 04:52:42,473 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.100 2019-02-28 04:52:43,475 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.70 2019-02-28 04:52:47,139 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.233 2019-02-28 04:52:47,144 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.156 2019-02-28 04:52:48,134 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.218 2019-02-28 04:52:53,495 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.234 2019-02-28 04:52:55,490 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.157 2019-02-28 04:52:56,488 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.190 2019-02-28 04:52:56,500 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.86 2019-02-28 04:52:58,487 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.80 2019-02-28 04:53:02,220 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.154 2019-02-28 04:53:09,231 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.232 2019-02-28 04:54:27,129 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.253 2019-02-28 05:00:09,261 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.68 2019-02-28 05:04:59,092 fail2ban.filter [1904]: INFO [postfix-sasl] Found 45.125.66.144 And take a look at logged time. These are connections made at the same time but from different IPs. Can we configure fail2ban to search for XXX.XXX.XXX.* (instead of a single IP) and ban XXX.XXX.XXX.0/24 (instead of a single IP) to get rid of the above situations? Cheers, Sub
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
