Hi,

You can drop it before FW with blackhole route.

DH

On Thu, Jan 9, 2020 at 7:21, Thomas Stephen Lee <lee.iitb at gmail.com> wrote:

> On Thu, Jan 9, 2020 at 6:07 AM H <agents at meddatainc.com> wrote:
>
> > I am being attacked by an entire subnet where the first two parts of the
> > IP address remain identical but the last two parts vary sufficiently that
> > it is not caught by fail2ban since the attempts do not meet the cut-off of
> > a certain number of attempts within the given time.
> >
> > Has anyone created a fail2ban filter for this type of attack? As of right
> > now, I have manually banned a range of IP addresses but would like to
> > automate it for the future.
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> Hi,
>
> I am not an expert but,
> you can try creating an ipset with the range you need and do a drop in
> iptables or firewalld.
> We have used ipsets with bare iptables in CentOS 6, and firewalld in CentOS
> 7.
> fail2ban also uses ipsets in CentOS 7.
>
> thanks
> --
> Lee
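The situation in this thread (each address stays under a per-IP threshold while the subnet as a whole does not) can be detected by counting failures per network prefix instead of per host. The following is an added example, not code from any message in the thread; the sshd-style log format, the sample lines, the function name `noisy_subnets` and its thresholds are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in sshd/syslog style (assumed format, not from the thread).
SAMPLE_LOG = """\
Jan  9 06:00:01 host sshd[1001]: Failed password for root from 198.18.4.17 port 40112 ssh2
Jan  9 06:00:09 host sshd[1002]: Failed password for invalid user admin from 198.18.77.203 port 51822 ssh2
Jan  9 06:01:30 host sshd[1003]: Failed password for root from 198.18.130.5 port 33211 ssh2
Jan  9 06:02:02 host sshd[1004]: Failed password for root from 192.0.2.10 port 40000 ssh2
Jan  9 06:03:44 host sshd[1005]: Failed password for invalid user test from 198.18.9.88 port 45001 ssh2
Jan  9 06:04:10 host sshd[1006]: Accepted password for alice from 198.18.200.1 port 50000 ssh2
Jan  9 06:05:59 host sshd[1007]: Failed password for root from 198.18.250.61 port 41234 ssh2
Jan  9 09:30:00 host sshd[1008]: Failed password for root from 203.0.113.7 port 41000 ssh2
"""

# Timestamp and source address of a failed login (assumed sshd message wording).
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\d+\.\d+\.\d+\.\d+) port")

def noisy_subnets(log_text, prefix_len=16, max_failures=5,
                  window=timedelta(minutes=10), year=2020):
    """Return CIDRs whose hosts together reach max_failures inside window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is supplied by the caller.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        # strict=False masks the host bits: 198.18.4.17/16 -> 198.18.0.0/16
        net = ipaddress.ip_network(f"{m.group(2)}/{prefix_len}", strict=False)
        events[net].append(when)
    flagged = []
    for net, times in events.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding time window over failures
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= max_failures:
                flagged.append(str(net))
                break
    return sorted(flagged)
```

With `prefix_len=32` the same function reproduces per-host counting and flags nothing on this sample, which is the gap the original question describes. The returned CIDRs are in the form an ipset of type `hash:net` accepts; a /16 covers 65,536 addresses, so review the list before dropping the whole range.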