Indeed I am using iptables, but I couldn't get that to work, again something funky going on with text substitution
This is partly why I put the question on the mailing list, because
after two hours of trying to figure it out and looking it up online I
kind of gave up.
On 2/4/26 6:14 PM, Nick Howitt via Fail2ban-users wrote:
Assuming you are using iptables, why not do iptables commands directly
at the end of your script? The same similarly goes for other firewalls
such as UFW (which uses iptables in the background).
>
> On 04/02/2026 10:55, Wael Karram via Fail2ban-users wrote:
> That I have gotten to work quite reliably well.
>>
>> Where I'm having problems is actually automating the ban action.
>>
>> I tried for example this line:
>> /etc/fail2ban/scripts/generate_ban_range_from_ip.sh <ip> | ifne xargs
>> -I {} -n1 fail2ban-client set <name> banip {}
>>
>> But then I get an error with the substitution in the xargs command
>> not happening.
>>
>>
>> To overcome that I tried to package everything into a script as
>> follows: #!/bin/zsh
>> /etc/fail2ban/scripts/generate_ban_range_from_ip.sh $1 | xargs -n1
>> sudo fail2ban-client -v set $2 banip And while running that command
>> manually on an interactive shell works, it fails in the context of a
>> script.
>>
>> It seems that something is wrong with the parameter passing - the
>> fail2ban-client command simply gets stuck waiting for input, I even
>> tried hard-coding the jail name and that clearly isn't what is
>> causing the issue (still gets stuck the same).
>>
>> Weirdly, if I keep the same structure and replace the fail2ban-client
>> sub-command with echo, I do get the value passed through the pipe.
>>
>>
>> Kind Regards,
>>
>> Wael Karram.
>>
>>
>> On 2/3/26 6:02 PM, Nick Howitt via Fail2ban-users wrote:
>> Note that different registries return different fields. Try "whois
>> 82.5.79.245" where the address range is in a field called "inetnum".
>> You could try an ASN lookup then look up all the ranges associated
>>> with the ASN, but you'g end up with huge blocks.
>>>
>>> From your script, you'd then have to generate the relevant iptables
>>> commands for the ban and unban actions.
>>>
>>> Nick
>>>
>>> On 03/02/2026 11:55, Wael Karram via Fail2ban-users wrote:
>>> Hello,
>>> I've noticed lately that my server is being loaded by many automated
>>>> scanners and scrapers, I've got some nginx and opensmtpd filters in
>>>> place which can reliably catch them, though I've also noticed that
>>>> there are entire ASNs usually associated with them.
>>>>
>>>> Currently, I am banning them manually more or less - once a day I
>>>> check the logs, look for any suspect lines and then lookup the
>>>> CIDRs and ban manually.
>>>>
>>>> I would like to automate this, though I'm somewhat stuck with how
>>>> to implement the action (the filter is actually the easy part).
>>>> All I've managed to come up with for now is this script:
>>>> http://0x0.st/Pb4E.sh
>>>> It takes an IP address and spits out the CIDRs of its ASN/the
>>>> entire range associated with it - line by line.
>>>>
>>>> I hope someone can help me on how to integrate this into a custom
>>>> ban action.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Fail2ban-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>>
>>>> _______________________________________________
>>> Fail2ban-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>
>>>
>>>
>>> _______________________________________________
>>> Fail2ban-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>
>
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
pgp3OLzkbWmuu.pgp
Description: OpenPGP digital signature
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
