my server encounters of course some hacker attackes. Most attacks are based on recidive or postfix-ddos. Fail2ban blocks attacks as expected. 2-3 attackes per day - some more during weekends - a spare time hacker - are located in same IP Range / Provider (Litausia 185.36.81.x) or similar. I guess this is a VPN provider.
I do not expect any “regular server activities” from that area / provider. Can I block IPs using Fail2Ban? Can I tell Fail2Ban not only to block the specific IP but the complete range?
I don’t know if is possible, @stephdl knows better and I am sure he will answer asap, but I think if you will enable “Recidive jail is perpetual”, after a while, you will obtain the same result.
Another way could be to create a rule on firewall, as 1st rule, to block or reject the entire IP range.
Thanks for your idea, in generall I think so, too. However it takes quite a long time until an attackes comes from the same IP if at all. As fail2ban reports the provider and IP range I was asking if it would not be more interestingt to block the IP range instead the single IP…