working on it. some other issues got in the way of testing.
--
Ted Buchanan
Computer/Network Analyst - Vincennes University
tbuchanan@xxxxxxxx
From: "Jon LaBadie" <jcu@xxxxxxxxxx>
To: "Jon LaBadie" <centos@xxxxxxxxxx>
Date: 06/22/2020 04:57 PM
Subject: Re: firewall questions
Sent by: "CentOS" <centos-bounces@xxxxxxxxxx>
On Sun, Jun 21, 2020 at 02:33:18PM -0500, Chuck Campbell wrote:
> I'm running Centos 7.8.2003, with firewalld.
>
> I was getting huge numbers of ssh attempts per day from a few specific
ip
> blocks.
>
> The offenders are 45.0.0.0/24, 49.0.0.0/24, 51.0.0.0/24, 111.0.0.0/24
and
> 118.0.0.0/24, and they amounted to a multiple thousands of attempts per
day.
> I installed and configured fail2ban, but still saw a lot of attempts in
the
> logs, and the ipset created was filling up.
>
What type of ipset did you create, perhaps hash:ip where individual
addresses are listed? If so, consider switching to hash:net which
uses CIDR style entries. Individual addresses become 1.2.3.4/32
but blocks can be included with a single entry. My ipset has about
40,000 entries, but covers millions of IP addresses.
If you do switch look on the net for a program called "cidrmerge".
It takes a list of IP addresses and CIDR networks, sorts them
and merges multiple entries into a single network where possible.
Jon
--
Jon H. LaBadie jcu@xxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
