Hi Nick,

Thanks for the suggestion! I found an approach here (https://github.com/ritsu/ipset-fail2ban) which seems to be a nice way of cleaning up and using ipset as well.

On Sat, 24 Jun 2023 at 17:06, Nick Howitt via Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote:

> If you have a large amount of blocks, and this sounds like it, use ipset-based jails as they are way more efficient. If you want to ban subnets each time you get a block it is possible to create an action to ban a /24 subnet each time with a very slight modification to the default action (which you would put in a separate action).
>
> On 24/06/2023 12:58, Kasper Thunø wrote:
>
> Hey,
>
> Just signed up as I was unable to find something explaining an approach to what I want to achieve.
>
> I have a handful of jail configurations which handle postfix for example. Inspecting the currently banned ip addresses I see a lot of examples of entire subnets used to attempt to gain access. Hence I have a lot of addresses originating from the same origin which makes the number of banned sources quite high. I have chosen to have a fairly high ban time set up for the configured jails which obviously also influences the count.
>
> My question is thus, is there a way to optimize or cleanup the bans so it’s based on wildcards or subnets instead? Or should I not worry about this as iptables is not affected performance wise by +1000 banned ips?
>
> Thanks!
> --
> Best regards
> Kasper Thunø
>
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users

--
Best regards
Kasper Thunø
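An added example, not part of the thread or of the linked project: one way to do the cleanup asked about above, collapsing a list of banned IPv4 addresses into /24 entries where several bans share a subnet, and rendering them as `add` lines for `ipset restore` against a `hash:net` set. The set name `f2b-aggregated`, the threshold of three hosts per /24, and the sample addresses (RFC 5737 documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input: one banned address per line, with a
# duplicate and a junk line to show how they are handled.
SAMPLE_BANNED = """192.0.2.10
192.0.2.11
192.0.2.57
192.0.2.200
198.51.100.7
198.51.100.9
203.0.113.5
not-an-ip
192.0.2.10"""

def aggregate_bans(lines, min_hosts=3, prefix=24):
    """Collapse banned IPv4 addresses into /prefix networks.

    A network is emitted only when at least min_hosts distinct banned
    addresses fall inside it; everything else stays a single host, so a
    lone offender does not get its 255 neighbours banned with it.
    """
    by_net = defaultdict(set)
    for raw in lines:
        try:
            addr = ipaddress.IPv4Address(raw.strip())
        except ipaddress.AddressValueError:
            continue  # skip blank or malformed lines instead of guessing
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        by_net[net].add(addr)  # set membership de-duplicates repeats
    entries = []
    for net in sorted(by_net):
        hosts = by_net[net]
        if len(hosts) >= min_hosts:
            entries.append(str(net))
        else:
            entries.extend(str(h) for h in sorted(hosts))
    return entries

def ipset_restore_lines(entries, set_name="f2b-aggregated"):
    """Render entries as 'add' lines as read by `ipset restore`.

    set_name is hypothetical; the set must be of type hash:net to hold
    both single addresses and CIDR networks.
    """
    return [f"add {set_name} {entry}" for entry in entries]

if __name__ == "__main__":
    print("\n".join(ipset_restore_lines(aggregate_bans(SAMPLE_BANNED.splitlines()))))
```

Raising `min_hosts` trades a longer set for less collateral blocking of unrelated hosts in the same /24.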