> In my understanding, fail2ban only collects stats on individual IPs.
> I have seen suggestions to change the action to block the entire
> /24 for a bad IP in some situations.  That sort of helps, but doesn't
> help aggregate the "hits" on the jails in the first place.
>
> Here are a couple of other posts on the subject:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724274


Check out this message:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724274#25

It sounds like I can just edit action.d/iptables.conf like this:

old:
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
new:
actionban = <iptables> -I f2b-<name> 1 -s <ip>/24 -j <blocktype>

and it will ban the entire subnet instead of just the IP.  Am I
reading that right?

- Grant
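
Added example (not part of the original message or of fail2ban's own code): a small Python model of the f2b chain showing what the `<ip>/24` edit to actionban does to neighbouring addresses, to repeat bans in the same subnet, and to unbans. It assumes the action's actionunban line still deletes with a bare `-s <ip>`, which is not shown in this thread; the `Chain` class and the 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress

def rule_source(ip, suffix=""):
    """Network iptables stores for `-s <ip><suffix>`; host bits are masked off."""
    return ipaddress.ip_network(ip + (suffix or "/32"), strict=False)

class Chain:
    """Hypothetical model of one iptables chain: an ordered list of source nets."""
    def __init__(self):
        self.rules = []

    def insert(self, ip, suffix=""):
        # Models `-I f2b-<name> 1 -s <ip><suffix>`: always adds, never de-duplicates.
        self.rules.insert(0, rule_source(ip, suffix))

    def delete(self, ip, suffix=""):
        # Models `-D f2b-<name> -s <ip><suffix>`: removes the first identical rule,
        # and fails when no rule has exactly this source specification.
        target = rule_source(ip, suffix)
        if target in self.rules:
            self.rules.remove(target)
            return True
        return False

    def blocks(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.rules)

def demo():
    chain = Chain()
    chain.insert("198.51.100.57", "/24")    # first offender banned with the /24 edit
    chain.insert("198.51.100.200", "/24")   # second offender in the same subnet
    return {
        "stored_rule": str(chain.rules[0]),
        "neighbour_blocked": chain.blocks("198.51.100.9"),
        "rules_after_two_bans": len(chain.rules),
        # Assumed unmodified actionunban: bare <ip> is a /32 and matches nothing.
        "unban_without_suffix": chain.delete("198.51.100.57"),
        # actionunban edited to use <ip>/24 as well: one rule is removed.
        "unban_with_suffix": chain.delete("198.51.100.57", "/24"),
        # The duplicate from the second ban keeps the whole subnet blocked.
        "still_blocked_after_unban": chain.blocks("198.51.100.57"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In this model the unban only succeeds when it carries the same `/24` suffix as the ban, and each further ban inside an already blocked subnet stacks another identical rule.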

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
