Fail2Ban - block complete IP ranges?

NethServer Version: 7.5
Module: fail2ban

Hi,

My server encounters, of course, some hacker attacks. Most attacks are based on recidive or postfix-ddos. Fail2ban blocks attacks as expected. 2-3 attacks per day - some more during weekends - a spare time hacker - are located in the same IP range / provider (Lithuania 185.36.81.x) or similar. I guess this is a VPN provider.

I do not expect any “regular server activities” from that area / provider. Can I block IPs using Fail2Ban? Can I tell Fail2Ban not only to block the specific IP but the complete range?

TIA
Thorsten

Hi @thorsten ,

I don’t know if it is possible, @stephdl knows better and I am sure he will answer asap, but I think if you enable “Recidive jail is perpetual”, after a while you will obtain the same result.

Another way could be to create a rule on the firewall, as the 1st rule, to block or reject the entire IP range.

BR,
Gabriel

Hi mates

If you know the IP range, the best way is to use the firewall, after that the geoIP could be used with shorewall https://tech.feedyourhead.at/content/shorewall-setup-geo-ip-filtering

But I tend to be pragmatic and let fail2ban work: find, ban, find several times and go to recidive for 7*bantime iirc

Hi Stephdl,

Thanks for your idea, in general I think so, too. However it takes quite a long time until an attack comes from the same IP, if at all. As fail2ban reports the provider and IP range, I was asking if it would not be more interesting to block the IP range instead of the single IP…

Best regards
Thorsten
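
Before blocking a whole range at the firewall, as suggested in the replies above, it helps to check how many distinct banned addresses actually fall into it. The following is an added example, not part of the original thread: it groups the `Ban` lines of a fail2ban log by /24 network and lists the networks with several distinct offenders. The sample log lines are constructed, and the function name, prefix length and threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the usual fail2ban.log layout (not from the thread).
SAMPLE_LOG = """\
2018-09-01 03:12:44,101 fail2ban.actions [1387]: NOTICE [postfix-ddos] Ban 185.36.81.12
2018-09-01 09:40:02,550 fail2ban.actions [1387]: NOTICE [postfix-ddos] Ban 185.36.81.77
2018-09-01 11:05:19,009 fail2ban.actions [1387]: NOTICE [sshd] Ban 203.0.113.9
2018-09-02 01:22:31,870 fail2ban.actions [1387]: NOTICE [recidive] Ban 185.36.81.12
2018-09-02 02:10:00,412 fail2ban.actions [1387]: NOTICE [postfix-ddos] Unban 185.36.81.77
2018-09-02 18:47:55,230 fail2ban.actions [1387]: NOTICE [postfix-ddos] Ban 185.36.81.140
2018-09-02 19:02:13,664 fail2ban.actions [1387]: NOTICE [sshd] Ban 198.51.100.23
"""

# Matches "[jail] Ban a.b.c.d" at the end of a line; "Unban" lines do not match.
BAN_RE = re.compile(r"\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$")


def candidate_ranges(log_text, prefix=24, min_hosts=3):
    """Map each network to its distinct banned IPs, keeping only networks
    that contain at least min_hosts different banned addresses."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = BAN_RE.search(line)
        if not match:
            continue  # not a ban event
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # digits that do not form a valid address
        # strict=False masks the host bits, so 185.36.81.12/24 -> 185.36.81.0/24
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        seen[net].add(ip)  # a set, so a re-ban by recidive is counted once
    return {
        str(net): [str(ip) for ip in sorted(ips)]
        for net, ips in seen.items()
        if len(ips) >= min_hosts
    }


if __name__ == "__main__":
    for net, ips in candidate_ranges(SAMPLE_LOG).items():
        print(f"{net}: {len(ips)} distinct banned hosts -> {', '.join(ips)}")
```

Counting distinct addresses rather than ban events keeps a single host that is repeatedly re-banned from making a range look worse than it is.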