This time to the list.....
Python has a netaddr library which can merge subnets and, when I
tried to use it with country blocking, it seemed very efficient
compared to the bash script I wrote before. Ipset is pretty
efficient at handling large lists, so it is not too critical that the
lists are as compact as possible, but it may help. It is possible to
load the merged list directly into an ipset set in Python using the
pyroute2 library, but it was not much better than doing bash calls
to the ipset function directly.

On 05/08/2019 16:37, Giles Coochey wrote:

On 05/08/2019 16:12, Mike wrote:

At 08:55 AM 8/5/2019, Robert Kudyba wrote:

Have you guys seen the sync-blacklist script from
https://gist.github.com/klepsydra/ecf975984b32b1c8291a#gistcomment-2038935
or f2b-badips-to-hostsdeny.sh from
https://github.com/mitchellkrogza/fail2ban-useful-scripts/blob/master/f2b-badips-to-hostsdeny.sh

That's interesting and informative.

I took a look at the script and based on my tests, it basically
does an IP ban of every IP on the blocklist, which is currently
over 29,000 IPs. I was hoping perhaps that utility 'sipcalc'
might intelligently identify subnets and consolidate the ipsets
into CIDR ranges, but it wasn't doing that in my tests.

So this creates a rather huge IP blocklist. I assume this is
rather resource intensive?

This is a neat idea, but I want to take it further to identify
CIDR ranges and create a class A,B,C-based blocklist that
doesn't have so many entries.

Does anybody know of a utility that can take a large list of IP
addresses and consolidate them into range blocks?

I think pfblockerng in pfsense does this for deny ipsets, had a
quick look and think the code for this is here:
https://github.com/pfsense/pfsense-packages/blob/master/config/pfblockerng/pfblockerng_extra.inc

If that's not quite it, look around elsewhere, it's all php,
but may be portable to something else with the right underlying
tools.

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
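
Added example, not part of the original messages or of any project named in them: a sketch of the consolidation asked about in the thread, contrasting a lossless CIDR merge with a lossy "promote to /24" merge and rendering the result for `ipset restore`. It uses Python's standard `ipaddress.collapse_addresses` instead of netaddr (whose `cidr_merge` does the lossless step) so that it runs without extra packages. The function names, the set name `blocklist`, the threshold and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample blocklist (documentation address ranges, not real bans).
SAMPLE = """\
# bans exported from a blocklist
198.51.100.4
198.51.100.5
198.51.100.6
198.51.100.7
198.51.100.5
192.0.2.10
192.0.2.77
192.0.2.130
192.0.2.200
192.0.2.251
203.0.113.9
not-an-ip
""".splitlines()

def parse(lines):
    """Parse IPv4 addresses/CIDRs; skip blanks, comments and junk."""
    nets = []
    for line in lines:
        token = line.split("#", 1)[0].strip()
        try:
            nets.append(ipaddress.IPv4Network(token, strict=False))
        except ValueError:
            continue  # empty or not IPv4: skip it, do not abort the load
    return nets

def merge_exact(nets):
    """Lossless: only adjacent or overlapping ranges are combined."""
    return list(ipaddress.collapse_addresses(nets))

def merge_lossy(nets, prefix=24, threshold=5):
    """Lossy: block a whole /prefix once `threshold` distinct listed hosts
    fall inside it. Unlisted neighbours get blocked too."""
    hosts = {n for n in nets if n.prefixlen == 32}
    counts = Counter(h.supernet(new_prefix=prefix) for h in hosts)
    promoted = [net for net, c in counts.items() if c >= threshold]
    return merge_exact(nets + promoted)

def ipset_restore(nets, name="blocklist"):
    """Render input for `ipset restore` (set name is an assumption)."""
    size = max(65536, len(nets))
    lines = [f"create {name} hash:net family inet maxelem {size}"]
    lines += [f"add {name} {n}" for n in nets]
    return "\n".join(lines) + "\n"
```

On the sample, the lossless merge only shrinks the four adjacent addresses into one /30, while the scattered hosts in 192.0.2.0/24 collapse only under the lossy rule, which also blocks every unlisted address in that /24. The output of `ipset_restore(...)` can be fed to `ipset restore -exist`.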