* Mike <t...@rohms.com> [12-09-21 19:56]: > > > > > Thank you, I updated to 0.11.2-3 and will see if subnet bans stick. > > That may be a function of the type of IPSET list created. I know that with > ipset you can blacklist subnets but if it isn't a certain list:hash type it > will expand the subnet into an array of individual IP addresses. > > If F2B can now handle subnets as single entries, that would be really cool. > I am using a separate system (login-shield) for that very effectively.
create blacklist hash:net family inet hashsize 4096 maxelem 65536 handles subnets, ie: 110.153.0.0/16 186.29.182.0/24 45.155.126.0/24 123.5.0.0/16 179.43.140.0/24 178.128.0.0/16 89.248.165.0/24 185.142.236.0/24 45.141.87.0/24 40.73.0.0/16 ipset add blacklist 110.153.0.0/16 -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet oftc What sort of day was it? A day like all days, filled with those events that alter and illuminate our times... _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
