On 05/08/2019 16:12, Mike wrote:
At 08:55 AM 8/5/2019, Robert Kudyba wrote:
Have you guys seen the sync-blacklist script from
https://gist.github.com/klepsydra/ecf975984b32b1c8291a#gistcomment-2038935
or
f2b-badips-to-hostsdeny.sh from
https://github.com/mitchellkrogza/fail2ban-useful-scripts/blob/master/f2b-badips-to-hostsdeny.sh
That's interesting and informative.
I took a look at the script and based on my tests, it basically does
an IP ban of every IP on the blocklist, which is currently over 29,000
IPs. I was hoping perhaps that utility 'sipcalc' might intelligently
identify subnets and consolidate the ipsets into CIDR ranges, but it
wasn't doing that in my tests.
So this creates a rather huge IP blocklist. I assume this is rather
resource intensive?
This is a neat idea, but I want to take it further to identify CIDR
ranges and create a class A,B,C-based blocklist that doesn't have so
many entries.
Does anybody know of a utility that can take a large list of IP
addresses and consolidate them into range blocks?
I think pfblockerng in pfsense does this for deny ipsets, had a quick
look and think the code for this is here:
https://github.com/pfsense/pfsense-packages/blob/master/config/pfblockerng/pfblockerng_extra.inc
If that's not quite it, look around elsewhere, it's all php, but may be
portable to something else with the right underlying tools.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
