When trying to whitelist a subnet in the form xxx.xxx.xxx.xxx/xx, I get the response
AllowedIP_label
"192.168.178.0/24" ist keine IP
Adding the network with the command line works:
fail2ban-client set <jail> addignoreip xxx.xxx.xxx.xxx/xx
stephdl
(Stéphane de Labrusse)
May 11, 2018, 1:06pm
2
Honestly, you found a bug, but I cannot blame myself: I use a library, use Net::IPv4Addr qw(ipv4_chkip); in https://github.com/NethServer/nethserver-fail2ban/blob/ns7/root/etc/e-smith/templates/etc/fail2ban/jail.local/01localaccess, that should prevent you from using your network. Once you expand your template, if you look at /etc/fail2ban/jail.local you will see your network truncated. It is missing the /24. It is not a blocking bug because the IP 192.168.178.0 doesn’t exist, so I won’t fix it.
I do not want to allow a network from fail2ban. If you want to do it, then add it via the trusted network panel.
Sorry but security is my first concern…when I can
So when I add the net as a trusted network, fail2ban would handle these IPs like they are on the whitelist or as a local network?
stephdl
(Stéphane de Labrusse)
May 11, 2018, 3:45pm
4
Exactly, this post should be marked as a good answer (change the bug category to support). When you want to allow a whole network to fail2ban, then set the network in the trusted-network panel and the whole network will be ignored like your local network.
Your topic should be changed to ‘Fail2ban : ignore IP from network’
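The failure discussed in this thread, as an added example (not code from NethServer or fail2ban): a host-only address check rejects a CIDR entry, and an entry that loses its prefix length matches a single address instead of the subnet. The function names and sample entries are constructed for illustration, and Python's ipaddress module stands in for the Perl Net::IPv4Addr check.

```python
import ipaddress

# Constructed sample entries, as an admin might type them into an allow list.
SAMPLE = ["127.0.0.1", "192.168.178.0/24", "192.168.178.5/24", "not-an-ip"]

def host_only_check(entry):
    """Model of a validator that accepts single addresses only (assumption)."""
    try:
        ipaddress.IPv4Address(entry.strip())
        return True
    except ipaddress.AddressValueError:
        return False

def classify_entry(entry):
    """Return ('host', addr), ('network', cidr) or ('invalid', reason)."""
    entry = entry.strip()
    if "/" not in entry:
        try:
            return ("host", str(ipaddress.IPv4Address(entry)))
        except ipaddress.AddressValueError as exc:
            return ("invalid", str(exc))
    try:
        # strict=True rejects entries with host bits set, e.g. 192.168.178.5/24,
        # so a typo cannot silently widen or shift the ignored range.
        return ("network", str(ipaddress.IPv4Network(entry, strict=True)))
    except ValueError as exc:
        return ("invalid", str(exc))

def build_ignoreip(entries):
    """Build an 'ignoreip = ...' line and report what was rejected."""
    accepted, rejected = [], []
    for entry in entries:
        kind, value = classify_entry(entry)
        if kind == "invalid":
            rejected.append(entry)
        else:
            accepted.append(value)
    return "ignoreip = " + " ".join(accepted), rejected

def is_ignored(ip, entries):
    """True if ip falls inside any entry; a bare address counts as a /32."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in ipaddress.IPv4Network(e, strict=False) for e in entries)

if __name__ == "__main__":
    line, rejected = build_ignoreip(SAMPLE)
    print(line)
    print("rejected:", rejected)
    # With the prefix length dropped, a host in the subnet is no longer covered.
    print(is_ignored("192.168.178.20", ["192.168.178.0/24"]))
    print(is_ignored("192.168.178.20", ["192.168.178.0"]))
```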