Re: [Fail2ban-users] blocking the subnet

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

> what do i have to change in fail2ban v0.8.1?
> 

You just need to change iptables.conf (if you use iptables).

> I use fail2ban with Postfix and it would be nice, if fail2ban will block 
>   not only the IP 122.156.43.22 - fail2ban should block  122.156.43.22/24.
> 
> It is very radical - i know - but i would test it and then i would report.
> 
> What do i have to change in the program?
> 

Maybe you can add something like:

$ echo "1.2.3.4" | sed -e
"s/\([0-9]*.\)\([0-9]*.\)\([0-9]*.\)\([0-9]*\)/\1\2\30\/24/"
1.2.3.0/24

to iptables.conf. Have a look at [1]. I'm not sure your example is
right. But I may be wrong. In this case, your iptables.conf (or better
iptables.local) could look similar to:

actionban = iptables -I fail2ban-<name> 1 -s <ip>/24 -j DROP

Using sed, it could look like:

actionban = iptables -I fail2ban-<name> 1 -s `echo <ip> | sed -e
"s/\([0-9]*.\)\([0-9]*.\)\([0-9]*.\)\([0-9]*\)/\1\2\30\/24/"` -j DROP

Adapt actionunban in the same way.

Regards,

Cyril Jaquier

[1] http://forums.serverbeach.com/showthread.php?t=5075