[CentOS] Blocking attacks from a range of IP addresses

Thu Jan 9 19:09:52 UTC 2020
Pete Biggs <pete at biggs.org.uk>

> > > 
> > As far as I can see fail2ban only deals with hosts and not networks - I
> > suspect the issue is what is a "network": It may be obvious to you
> > looking at the logs that these are all related, but you run the risk
> > that getting denied accesses from, say, and and
> > may be interpreted as a concerted attack and you banning half
> > the internet - but that may not be a bad thing :-)
> > 
> Since you can configure fail2ban to invoke scripts, I would think it
> would be possible to get it to block CIDRs (variable size subnets, i.e.
>  That said, I don't have a quick and easy implementation
> on hand.

The OP was looking for an automated way of fail2ban doing it - he had
already sorted out the network range and had stopped this particular
DoS attack.