Fail2ban : ignore IP from network


when trying to whitelist a subnet in the form I’ll get the response

        "" ist keine IP

to add the network with the commandline works

fail2ban-client set <jail> addignoreip

(Stéphane de Labrusse) #2

Honestly you find a bug, but I cannot blame me, I use a library use Net::IPv4Addr qw(ipv4_chkip); in that should prevent to use your network, once you expand your template if you look to /etc/fail2ban/jail.local you will see your network truncated. It misses the /24, it is not a blocking bug because the IP doesn’t exist, so I won’t fix it.

I do not want to allow a network from fail2ban, if you want to do it, then add it by the trusted network panel.

Sorry but security is my first concern…when I can :smiley:


So when I add the net as trusted network fail2ban would handle these ip’s like they are on the whitelist or as local network?

(Stéphane de Labrusse) #4

Exactly, this post should be marked as good answer (change the bug category to support), when you want to allow a whole network to fail2ban, then set the network in the trusted-network panel and the whole network will be ignored like your local network.

your topic should be changed to ‘Fail2ban : ignore IP from network’