Hi,
You can drop it before FW with blackhole route.
DH
čt 9. 1. 2020 v 7:21 odesílatel Thomas Stephen Lee <lee.iitb@xxxxxxxxx>
napsal:
> On Thu, Jan 9, 2020 at 6:07 AM H <agents@xxxxxxxxxxxxxx> wrote:
>
> > I am being attacked by an entire subnet where the first two parts of the
> > IP address remain identical but the last two parts vary sufficiently that
> > it is not caught by fail2ban since the attempts do not meet the cut-off
> of
> > a certain number of attempts within the given time.
> >
> > Has anyone created a fail2ban filter for this type of attack? As of right
> > now, I have manually banned a range of IP addresses but would like to
> > automate it for the future.
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > https://lists.centos.org/mailman/listinfo/centos
>
>
> Hi,
>
> I am not an expert but,
> you can try creating an ipset with the the range you need and do a drop in
> iptables or firewalld.
> We have used ipsets with bare iptables in CentOS 6, and firewalld in CentOS
> 7.
> fail2ban also uses ipsets in CentOS 7.
>
> thanks
> --
> Lee
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
