I am being attacked by an entire subnet where the first two parts of the IP address remain identical but the last two parts vary sufficiently that it is not caught by fail2ban since the attempts do not meet the cut-off of a certain number of attempts within the given time. Has anyone created a fail2ban filter for this type of attack? As of right now, I have manually banned a range of IP addresses but would like to automate it for the future. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos