I have this in my jail.conf:
ignoreip = 127.0.0.1 192.168.0.0/24 X.X.X.X/25 192.168.116.48/29
But yesterday my colleague got banned using this IP - log entry below:
2010-08-23 09:37:09,779 fail2ban.actions: WARNING [ssh] Ban 192.168.116.49
Looks like it doesn't parse the CIDR correctly - 192.168.116.48/29 should cover 192.168.116.49-54
I've changed the first two bytes of the IP address in question above because that's what people usually do. If you need the original IP address I can email that to you.
-----BEGIN PGP SIGNED MESSAGE-----
On 08/24/2010 07:57 AM, mimo wrote:
> ignoreip = 127.0.0.1 192.168.0.0/24 X.X.X.X/25 192.168.116.48/29
> But yesterday my colleague got banned using this IP - log entry below:
The mask is fine, indeed .49 is the first usable ip in the range. Maybe fail2ban hadn't been
restarted after the config change?
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - OWASP - SANS - OISSG .
http://www.cervezacicuta.com.ar - "LA" Cerveza Artesanal de Villa Bosch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Get latest updates about Open Source Projects, Conferences and News.