Interesting. I'll have to do something like this as well.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
-------- Original Message --------
*Subject: * Re: [Fail2ban-users] Cleanup jails
*From: * Kasper Thunø <kth...@gmail.com>
*To: * Nick Howitt <n...@howitts.co.uk>
*CC: * Fail2ban-users <fail2ban-users@lists.sourceforge.net>
*Date: * 2023-6-25 10:42 AM
Hi Nick,
Thanks for the suggestion!
I found an approach here (https://github.com/ritsu/ipset-fail2ban) which seems to be a nice way of cleaning up and
using ipset as well.
Den lør. 24. jun. 2023 kl. 17.06 skrev Nick Howitt via Fail2ban-users <fail2ban-users@lists.sourceforge.net
<mailto:fail2ban-users@lists.sourceforge.net>>:
If you have a large amount of blocks, and this sounds like it, use
ipset-based jails as they are way more
efficient. If you want to ban subnets each time you get a block it is
possible to create an action to ban a /24
subnet each time with a very slight modification to the default action
(which you would put in a separate action).
On 24/06/2023 12:58, Kasper Thunø wrote:
Hey,
Just signed up as I was unable to find something explaining an approach to
what I want to achieve.
I have a handful of jail configurations which handle postfix for example.
Inspecting the currently banned ip
addresses I see a lot of examples of entire subnets used to attempt to gain
access. Hence I have a lot of
addresses originating from the same origin which makes the number of banned
sources quite high. I have chosen to
have a fairly high ban time set up for the configured jails which obviously
also influences the count.
My question is thus, is there a way to optimize or cleanup the bans so it’s
based on wildcards or subnets
instead? Or should I not worry about this as iptables is not affected
performance wise by +1000 banned ips?
Thanks!
--
Med venlig hilsen
Kasper Thunø
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
--
Med venlig hilsen
Kasper Thunø
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users