Re: [CentOS] firewall questions

-- Ted Buchanan Computer/Network Analyst - Vincennes University tbuchanan@vinu.edu From: "Jon LaBadie" jcu@labadie.us To: "Jon LaBadie" centos@centos.org Date: 06/22/2020 04:57 PM Subject: Re: [CentOS] firewall questions Sent by: "CentOS" centos-bounces@centos.org On Sun, Jun 21, 2020 at 02:33:18PM -0500, Chuck Campbell wrote: > I'm running Centos 7.8.2003, with firewalld. > > I was getting huge numbers of ssh attempts per day from a few specific ip > blocks. > > The offenders are 45.0.0.0/24, 49.0.0.0/24, 51.0.0.0/24, 111.0.0.0/24 and > 118.0.0.0/24, and they amounted to a multiple thousands of attempts per day. > I installed and configured fail2ban, but still saw a lot of attempts in the > logs, and the ipset created was filling up. > What type of ipset did you create, perhaps hash:ip where individual addresses are listed? If so, consider switching to hash:net which uses CIDR style entries. Individual addresses become 1.2.3.4/32 but blocks can be included with a single entry. My ipset has about 40,000 entries, but covers millions of IP addresses. If you do switch look on the net for a program called "cidrmerge". It takes a list of IP addresses and CIDR networks, sorts them and merges multiple entries into a single network where possible. Jon -- Jon H. LaBadie jcu@labadie.us _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos