Interesting. I'll have to do something like this as well.

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com


-------- Original Message --------
*Subject: *  Re: [Fail2ban-users] Cleanup jails
*From: *     Kasper Thunø <kth...@gmail.com>
*To: *         Nick Howitt <n...@howitts.co.uk>
*CC: *        Fail2ban-users <fail2ban-users@lists.sourceforge.net>
*Date: *      2023-6-25  10:42 AM
Hi Nick,

Thanks for the suggestion!
I found an approach here (https://github.com/ritsu/ipset-fail2ban) which seems to be a nice way of cleaning up and using ipset as well.

On Sat, 24 Jun 2023 at 17:06, Nick Howitt via Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote:

    If you have a large amount of blocks, and this sounds like it, use ipset-based jails as they are way more
    efficient. If you want to ban subnets each time you get a block it is possible to create an action to ban a /24
    subnet each time with a very slight modification to the default action (which you would put in a separate action).

    On 24/06/2023 12:58, Kasper Thunø wrote:
    Hey,

    Just signed up as I was unable to find something explaining an approach to what I want to achieve.

    I have a handful of jail configurations which handle postfix for example. Inspecting the currently banned ip
    addresses I see a lot of examples of entire subnets used to attempt to gain access. Hence I have a lot of
    addresses originating from the same origin which makes the number of banned sources quite high. I have chosen to
    have a fairly high ban time set up for the configured jails which obviously also influences the count.

    My question is thus, is there a way to optimize or cleanup the bans so it’s based on wildcards or subnets
    instead? Or should I not worry about this as iptables is not affected performance wise by +1000 banned ips?

    Thanks!
    --
    Best regards
    Kasper Thunø


    _______________________________________________
    Fail2ban-users mailing list
    Fail2ban-users@lists.sourceforge.net
    https://lists.sourceforge.net/lists/listinfo/fail2ban-users




--

Best regards
Kasper Thunø
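
The cleanup asked about in this thread, as an added example that is not code from any poster or from the ipset-fail2ban project: it collapses a ban list into /24 networks once several addresses from the same range are banned, and renders the result as `ipset restore` input. The set name `f2b-collapsed`, the threshold of 3 and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample ban list (documentation address ranges only).
BANNED = [
    "192.0.2.10", "192.0.2.11", "192.0.2.57", "192.0.2.200", "192.0.2.10",
    "198.51.100.7", "198.51.100.8",
    "203.0.113.99",
    "2001:db8::1",
]

def collapse(banned, prefix=24, threshold=3):
    """Swap IPv4 bans for their /prefix network once `threshold` distinct
    addresses in that network are banned; everything else stays a host ban."""
    groups = defaultdict(set)
    result = set()
    for raw in banned:
        ip = ipaddress.ip_address(raw.strip())
        if ip.version == 4:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            groups[net].add(ip)          # set() drops duplicate entries
        else:
            result.add(ipaddress.ip_network(str(ip)))   # IPv6 kept as /128
    for net, ips in groups.items():
        if len(ips) >= threshold:
            result.add(net)              # wide ban: also hits unrelated hosts in the range
        else:
            result.update(ipaddress.ip_network(str(ip)) for ip in ips)
    return sorted(result, key=lambda n: (n.version, int(n.network_address)))

def ipset_restore_lines(nets, setname="f2b-collapsed"):
    """Render the networks as input for `ipset restore`, one set per family."""
    lines = []
    for version, family, name in ((4, "inet", setname), (6, "inet6", setname + "6")):
        members = [n for n in nets if n.version == version]
        if members:
            lines.append(f"create {name} hash:net family {family}")
            lines += [f"add {name} {n}" for n in members]
    return lines

if __name__ == "__main__":
    print("\n".join(ipset_restore_lines(collapse(BANNED))))
```

With the sample list, nine host entries become one /24 plus four host bans, and the same output format works for a jail whose ban list is exported one address per line.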

