working on it. some other issues got in the way of testing.
--
Ted Buchanan
Computer/Network Analyst - Vincennes University
tbuchanan@vinu.edu
From: "Jon LaBadie"
jcu@labadie.us
To: "Jon LaBadie"
centos@centos.org
Date: 06/22/2020 04:57 PM
Subject: Re: [CentOS] firewall questions
Sent by: "CentOS"
centos-bounces@centos.org
On Sun, Jun 21, 2020 at 02:33:18PM -0500, Chuck Campbell wrote:
> I'm running Centos 7.8.2003, with firewalld.
>
> I was getting huge numbers of ssh attempts per day from a few specific
ip
> blocks.
>
> The offenders are 45.0.0.0/24, 49.0.0.0/24, 51.0.0.0/24, 111.0.0.0/24
and
> 118.0.0.0/24, and they amounted to a multiple thousands of attempts per
day.
> I installed and configured fail2ban, but still saw a lot of attempts in
the
> logs, and the ipset created was filling up.
>
What type of ipset did you create, perhaps hash:ip where individual
addresses are listed? If so, consider switching to hash:net which
uses CIDR style entries. Individual addresses become 1.2.3.4/32
but blocks can be included with a single entry. My ipset has about
40,000 entries, but covers millions of IP addresses.
If you do switch look on the net for a program called "cidrmerge".
It takes a list of IP addresses and CIDR networks, sorts them
and merges multiple entries into a single network where possible.
Jon
--
Jon H. LaBadie jcu@labadie.us
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos