Reaching out, for my knowledge with calculating IP stuff is ‘zilch’.
I am looking for what to fill out to whitelist my mobile provider’s subnet. Every time I use hotspot on my cell phone I get assigned a different IP, so I want the whole provider’s net to be whitelisted.
TIA
Hi,
The IP 84.241.205.229 has just been banned by Fail2Ban after
3 attempts against openvpn.
You may edit /etc/fail2ban/jail.conf and edit the ignoreip option to ignoreip = 127.0.0.1/8 84.241.200.0/24 and do a signal-event nethserver-fail2ban-update
I created the custom template, expanded and restarted (thanks @stephdl).
It did not work for me, for my mobile provider keeps changing IPs on me and I lack the skills on subnets. Entering a specific IP in the fail2ban config web UI works.
Please don’t get me wrong, but I don’t get why you want to whitelist more than 2000 IPs only because you failed with login to your own VPN. I’m using mobile devices with changing IPs on openvpn and there is no problem.
Maybe increasing the number of allowed attempts to 5 or 6 would be the better idea. If there is a real attack, 5 attempts are done in a fraction of a second, so it is not really a big loss of security, but you still have 2 or 3 more tries for your credentials.
Thanks for the thoughts and suggestions. The fail2ban log was only to get the whois report on the subnet, not a real attempt.
I guess what I miss is the possibility to enter subnets or a range of subnets in the fail2ban GUI, and the possibility to ignore IPs and subnets for specific services.
In my case I was testing stuff on Nethserver, including making forced mistakes, and wanted to exclude my mobile provider’s subnets to prevent fail2ban from locking me out. Since this Nethserver is a Contabo VPS, I was forced to open a VNC session and unban the offending IP.
But again, not my specialty, sort of a blind spot to me.
I forgot it, but when you want to allow a whole subnet in fail2ban, go to the trusted network menu and add your network as fully trusted; a lot of other applications use it already.
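
As an added example (not written by any poster in this thread), the Python below converts a first/last address range, as a whois record reports it, into CIDR blocks and checks whether an address is covered by an `ignoreip` value. The banned IP and the `ignoreip` value are the ones quoted in the thread; the 84.241.200.0 to 84.241.207.255 range and the function names are assumptions, so substitute the range your provider's whois record actually shows.

```python
import ipaddress
import re

def parse_ignoreip(value):
    """Parse an ignoreip value (space/comma separated) into networks."""
    nets = []
    for entry in re.split(r"[\s,]+", value.strip()):
        if not entry:
            continue
        try:
            # strict=False tolerates host bits: 127.0.0.1/8 -> 127.0.0.0/8
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # DNS host entries need a lookup; skipped offline
    return nets

def is_ignored(ip, ignoreip_value):
    """True if ip falls inside any address or CIDR block in ignoreip."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in parse_ignoreip(ignoreip_value))

def range_to_cidrs(first, last):
    """Smallest set of CIDR blocks that exactly covers first..last."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def exposure(ignoreip_value):
    """Number of non-loopback addresses exempted from banning."""
    return sum(n.num_addresses for n in parse_ignoreip(ignoreip_value)
               if not n.is_loopback)

BANNED_IP = "84.241.205.229"                      # from the fail2ban mail
THREAD_VALUE = "127.0.0.1/8 84.241.200.0/24"      # value quoted in the thread
ASSUMED_RANGE = ("84.241.200.0", "84.241.207.255")  # constructed, not whois data

if __name__ == "__main__":
    print("covered by thread value:", is_ignored(BANNED_IP, THREAD_VALUE))
    cidrs = range_to_cidrs(*ASSUMED_RANGE)
    candidate = "127.0.0.1/8 " + " ".join(cidrs)
    print("ignoreip =", candidate)
    print("covered by candidate:", is_ignored(BANNED_IP, candidate))
    print("addresses exempted:", exposure(candidate))
```

A range that is not aligned on a power-of-two boundary comes back as several blocks, all of which go into `ignoreip`; the exempted-address count shows how much of the ban protection the entry gives up.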