Fail2ban: Block CIDR IP Address Ranges (aka wildcard)

It has been requested to have the ability in fail2ban to block whole IP address ranges.

Yaroslav Halchenko replied, saying:

we are working on the features which would occur in some 0.9.x release which would make it configurable out-of-the-box, but meanwhile you can just easily create an augmented action file where you would have customized iptables call with /XX to ban whatever big subnet you like

Well, at the time of this writing the current version is Fail2Ban v0.8.6, and it does not appear to have CIDR capabilities out of the box. However, you can still have fail2ban block a whole IP address range by using a command like this:

fail2ban-client -vvv set apache banip 1.2.3.0/24

Your fail2ban log file (probably /var/log/fail2ban.log) should have information about the ban you just added. The -vvv flag tells the command to be verbose.

For the rule to take effect, you may need to wait until one of the other files fail2ban is monitoring changes. So check your /etc/fail2ban/jail.local file to see which jails are enabled, then run touch /path/to/file on a log file you are watching with fail2ban.
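The two steps above (ban the range with fail2ban-client, then touch a watched log so the ban is picked up) wrapped in a small POSIX shell script, as an added example that is not from the original post or from the fail2ban project. It checks that the argument really is an IPv4 CIDR range before handing it to a privileged command, since a typo like 1.2.3/24 would otherwise be passed straight through. The jail name "apache", the log path /var/log/fail2ban.log and the watched log file path are assumptions taken from the post; the script only prints the command unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example (not from the original post or the fail2ban project).
# Validates an IPv4 CIDR range and then runs the same fail2ban-client
# command the post shows, followed by a touch on a monitored log file.

# Return 0 if $1 looks like a.b.c.d/N with each octet 0-255 and N 0-32.
# IPv4 only, matching the post's example (fail2ban 0.8 is IPv4 only).
valid_cidr() {
  cidr=$1
  case "$cidr" in
    */*) ;;
    *) return 1 ;;
  esac
  addr=${cidr%/*}
  bits=${cidr#*/}
  # prefix length must be a plain number no larger than 32
  case "$bits" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$bits" -le 32 ] || return 1
  # address may contain only digits and single dots, not at the ends
  case "$addr" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  oldifs=$IFS
  IFS=.
  set -- $addr
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# ban_range JAIL CIDR [WATCHED_LOG]
# Prints the fail2ban-client command when DRY_RUN is unset or 1 (default);
# with DRY_RUN=0 it runs the command, touches WATCHED_LOG so fail2ban
# applies the queued ban, and shows the tail of the fail2ban log.
# Returns 2 when the range is malformed, 1 when fail2ban-client fails.
ban_range() {
  jail=$1
  cidr=$2
  watched=$3
  if ! valid_cidr "$cidr"; then
    echo "refusing to ban malformed range: $cidr" >&2
    return 2
  fi
  cmd="fail2ban-client -vvv set $jail banip $cidr"
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "$cmd"
    return 0
  fi
  $cmd || return 1
  # fail2ban applies the ban on its next pass over a watched file, so
  # nudge it (the post's "touch /path/to/file" step).
  if [ -n "$watched" ]; then
    touch "$watched"
  fi
  tail -n 5 /var/log/fail2ban.log  # assumed log path from the post
}

# Usage (assumed jail and paths):
#   DRY_RUN=0 ./ban_range.sh   is not needed; call the function directly:
#   ban_range apache 1.2.3.0/24 /var/log/apache2/error.log
```

With DRY_RUN left at its default the script is safe to run on any host; it just echoes `fail2ban-client -vvv set apache banip 1.2.3.0/24`. Set DRY_RUN=0 on the server itself to actually apply the ban.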

This entry was posted in Server Admin.