>
> Has anyone else noticed the use of rolling /24 IP addresses to avoid
> fail2ban being triggered?
>
> In reviewing my logs I noticed that I was getting a bunch of attempts
> from 5.188.211.{14,15,16,17,...}, spread out over a long enough interval
> that fail2ban did not see them as a bad actor.
>
> Has anyone else seen the same?
>
> And is there a way to help fail2ban recognise attempts from the same set
> of Class C addresses?There is one for Fail2ban with iptables, could not get it to work on Fedora: https://github.com/XaF/fail2ban-subnets as well as https://github.com/fail2ban/fail2ban/issues/927#issuecomment-307725712 > * >
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
