On Wed, Jan 8, 2020 at 5:37 PM H <agents at meddatainc.com> wrote: > I am being attacked by an entire subnet where the first two parts of the > IP address remain identical but the last two parts vary sufficiently that > it is not caught by fail2ban since the attempts do not meet the cut-off of > a certain number of attempts within the given time. > > Has anyone created a fail2ban filter for this type of attack? As of right > now, I have manually banned a range of IP addresses but would like to > automate it for the future. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos > Tough one. Not the solution you’re looking for, but until you have a solution, block the whole range in iptables.