On Thu, Jan 9, 2020 at 6:07 AM H <agents@xxxxxxxxxxxxxx> wrote:
> I am being attacked by an entire subnet where the first two parts of the
> IP address remain identical but the last two parts vary sufficiently that
> it is not caught by fail2ban since the attempts do not meet the cut-off of
> a certain number of attempts within the given time.
>
> Has anyone created a fail2ban filter for this type of attack? As of right
> now, I have manually banned a range of IP addresses but would like to
> automate it for the future.
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
Hi,
I am not an expert but,
you can try creating an ipset with the the range you need and do a drop in
iptables or firewalld.
We have used ipsets with bare iptables in CentOS 6, and firewalld in CentOS
7.
fail2ban also uses ipsets in CentOS 7.
thanks
--
Lee
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
