IP in the network are banned


With nethserver-fail2ban installed I can see that some IPs are banned (launch fail2ban-listban) but not by fail2ban because I cannot find something in logs

these IP are for example

following this, these IP should not be used -> https://superuser.com/questions/388056/where-are-addresses-from-the-network-0-0-0-0-8-used-in-practice

I do not understand who blocked these IP, it seems it is not fail2ban…or we have a bug

how to gather information on the fail2ban work

db fail2ban show BLOCKED_IP   #should give back information (how many ban and last ban)
grep -srni 'xxx\.xxx\.xxx\.xxx' /var/log    # should give back any reference to this IP

You can find this strange IP by comparing fail2ban-client status jailName (or fail2ban-listban) and shorewall show dynamic


for those who have fail2ban installed, can you check if you have these kind of IP blocked please

In fail2ban logs I don’t have any ip’s listed in subnet
From the thread you linked:

[2] reserved for self-identification [RFC1122], section
Reserved by protocol. For authoritative registration, see [IANA registry iana-ipv4-special-registry].

/devils advocate mode: could this get abused in any way? Looks like it is intended for identification purposes.

1 Like

yes these IP should be never used but I do not understand what services banned them, Fail2ban makes log of everything and bans from logs reading, so definitively I must find traces :slight_smile:

I checked. there are no such strange IP’s blocked at my Servers.

1 Like