If you have a large number of blocks, and this sounds like it, use
ipset-based jails as they are way more efficient. If you want to ban
subnets each time you get a block it is possible to create an action to
ban a /24 subnet each time with a very slight modification to the
default action (which you would put in a separate action).
On 24/06/2023 12:58, Kasper Thunø wrote:
Hey,

Just signed up as I was unable to find something explaining an
approach to what I want to achieve.

I have a handful of jail configurations which handle postfix, for
example. Inspecting the currently banned IP addresses I see a lot of
examples of entire subnets used to attempt to gain access. Hence I
have a lot of addresses originating from the same origin, which makes
the number of banned sources quite high. I have chosen to have a
fairly high ban time set up for the configured jails, which obviously
also influences the count.

My question is thus: is there a way to optimize or clean up the bans so
it’s based on wildcards or subnets instead? Or should I not worry
about this, as iptables is not affected performance-wise by +1000
banned IPs?

Thanks!
--
Med venlig hilsen
Kasper Thunø
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
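The /24 ipset action suggested in the reply above, as an added example that is not from the thread or from the fail2ban project: a small helper script a custom action file would call from its actionban/actionunban lines (the action file name, script path, set naming and the use of a hash:net set are assumptions). It refuses anything that is not an IPv4 dotted quad, since fail2ban passes IPv6 hits through the same <ip> tag and those cannot be folded into a /24.

```shell
#!/bin/sh
# Added example: helper for a hypothetical fail2ban action that bans the /24
# containing a reported IPv4 address in an ipset of type hash:net.
# Assumed wiring in a hypothetical action.d/ipset-net24.conf:
#   actionstart = ipset create f2b-<name> hash:net timeout <bantime> -exist
#                 iptables -I INPUT -p tcp -m multiport --dports <port> \
#                   -m set --match-set f2b-<name> src -j REJECT
#   actionban   = /usr/local/bin/f2b-net24.sh add <name> <ip> <bantime>
#   actionunban = /usr/local/bin/f2b-net24.sh del <name> <ip>
# IPSET can be overridden (e.g. IPSET=echo) to dry-run without root.

IPSET="${IPSET:-ipset}"

# Print the /24 network containing an IPv4 address: 203.0.113.45 -> 203.0.113.0/24.
# Returns 1 for anything that is not a dotted quad, so an IPv6 address or a
# malformed value is reported as an error instead of becoming a bogus net.
net24() {
    ip="$1"
    case "$ip" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(echo "$ip" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    echo "$1.$2.$3.0/24"
}

# Add the /24 of $2 to set f2b-$1 for $3 seconds; -exist makes a repeat ban
# from the same subnet refresh the timeout instead of failing.
ban24() {
    net=$(net24 "$2") || { echo "ban24: not an IPv4 address: $2" >&2; return 1; }
    "$IPSET" add "f2b-$1" "$net" timeout "$3" -exist
}

# Remove the /24 of $2 from set f2b-$1; -exist tolerates an already expired entry.
unban24() {
    net=$(net24 "$2") || return 1
    "$IPSET" del "f2b-$1" "$net" -exist
}

# Dispatch for the actionban/actionunban lines shown above.
case "$1" in
    add) ban24 "$2" "$3" "$4" ;;
    del) unban24 "$2" "$3" ;;
esac
```

Note that unbanning one address drops the whole /24 from the set, so if that is not wanted, leave expiry to the ipset timeout and make actionunban a no-op; IPv6 hits need a separate set created with `family inet6`.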