Note that different registries return different fields. Try "whois 82.5.79.245" where the address range is in a field called "inetnum".

You could try an ASN lookup then look up all the ranges associated with the ASN, but you'd end up with huge blocks.

From your script, you'd then have to generate the relevant iptables commands for the ban and unban actions.

Nick

On 03/02/2026 11:55, Wael Karram via Fail2ban-users wrote:
Hello,
I've noticed lately that my server is being loaded by many automated
scanners and scrapers, I've got some nginx and opensmtpd filters in
place which can reliably catch them, though I've also noticed that
there are entire ASNs usually associated with them.

Currently, I am banning them manually more or less - once a day I check
the logs, look for any suspect lines and then look up the CIDRs and ban
manually.

I would like to automate this, though I'm somewhat stuck with how to
implement the action (the filter is actually the easy part).
All I've managed to come up with for now is this script:
http://0x0.st/Pb4E.sh
It takes an IP address and spits out the CIDRs of its ASN/the entire
range associated with it - line by line.

I hope someone can help me on how to integrate this into a custom ban
action.



_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
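
The whois parsing and iptables command generation described in the reply above, as an added example that is not code from the thread or from fail2ban. The whois excerpts are constructed, the chain name `f2b-asn` and the /16 width limit are assumptions, and `NetRange`/`CIDR` are the field names ARIN uses where RIPE uses `inetnum`.

```python
import ipaddress
import re

# Constructed whois excerpts (documentation/private ranges, not real output).
RIPE_STYLE = "inetnum:        192.0.2.0 - 192.0.2.191\nnetname:        EXAMPLE-A\n"
ARIN_STYLE = "NetRange:       198.51.100.0 - 198.51.100.255\nCIDR:           198.51.100.0/24\n"
WIDE_STYLE = "inetnum:        10.0.0.0 - 10.255.255.255\n"

# Range-bearing fields differ per registry; match them case-insensitively.
FIELD = re.compile(r"^(inetnum|netrange|cidr):[ \t]*(.+?)[ \t]*$", re.I | re.M)


def cidrs_from_whois(text, min_prefix=16):
    """Return IPv4 CIDR strings for the range fields found in whois text.

    Networks wider than /min_prefix are dropped, so a single log hit
    cannot turn into a ban on a huge block (min_prefix is an assumption).
    """
    nets = set()
    for _name, value in FIELD.findall(text):
        try:
            if "-" in value:  # "first - last" form, may not be CIDR-aligned
                first, last = (ipaddress.ip_address(p.strip())
                               for p in value.split("-", 1))
                nets.update(ipaddress.summarize_address_range(first, last))
            else:  # one or more comma-separated CIDRs
                nets.update(ipaddress.ip_network(p.strip(), strict=False)
                            for p in value.split(","))
        except (ValueError, TypeError):
            continue  # unparseable field: skip it rather than guess
    v4 = [n for n in nets if n.version == 4]  # iptables handles IPv4 only
    return [str(n) for n in ipaddress.collapse_addresses(v4)
            if n.prefixlen >= min_prefix]


def iptables_commands(cidrs, action, chain="f2b-asn"):
    """Build ban (-I) or unban (-D) commands; the chain name is an assumption."""
    flag = {"ban": "-I", "unban": "-D"}[action]
    return [f"iptables {flag} {chain} -s {c} -j DROP" for c in cidrs]


if __name__ == "__main__":
    for sample in (RIPE_STYLE, ARIN_STYLE, WIDE_STYLE):
        for cmd in iptables_commands(cidrs_from_whois(sample), "ban"):
            print(cmd)
```

The unban side must be fed the same CIDR list that was banned, so store the list at ban time rather than repeating the whois lookup, which may return a different range later.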