fail2ban-subnets aims to provide a way to ban subnets of IPs repeatedly banned by fail2ban for multiple offenses. It uses the fail2ban log files and calculates the most restricted subnet to be banned for these IPs. Using the log file generated by fail2ban-subnets and a new action.d script, we can then create a specific jail in fail2ban for banning those subnets.
fail2ban-subnets is here to provide what is currently impossible in fail2ban, even though there are issues progressing on that side.
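The idea of the "most restricted subnet" covering repeatedly banned IPs, as an added example (this is not the code of fail2ban-subnets.py). The thresholds MIN_BANS, WIDEST_PREFIX and MIN_HOSTS, the grouping by /24 block and the sample log lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed thresholds (not taken from fail2ban-subnets' own configuration).
MIN_BANS = 2        # bans before an IP counts as a repeat offender
WIDEST_PREFIX = 24  # never propose anything wider than a /24
MIN_HOSTS = 2       # repeat offenders needed before proposing a subnet

BAN_RE = re.compile(r"\] Ban (\d{1,3}(?:\.\d{1,3}){3})\s*$", re.MULTILINE)

# Constructed sample: fail2ban "Ban" notices using documentation address ranges.
_PREFIX = "2015-03-01 10:00:00,000 fail2ban.actions: WARNING [ssh] Ban "
SAMPLE_LOG = "\n".join(_PREFIX + ip for ip in (
    "203.0.113.5", "203.0.113.6", "203.0.113.7", "203.0.113.5",
    "203.0.113.6", "203.0.113.7", "203.0.113.200",
    "198.51.100.20", "198.51.100.20",
    "192.0.2.10", "192.0.2.77", "192.0.2.10", "192.0.2.77",
))

def repeat_offenders(log_text):
    """Return the IPs that appear in at least MIN_BANS ban notices."""
    counts = Counter(BAN_RE.findall(log_text))
    return sorted(ip for ip, n in counts.items() if n >= MIN_BANS)

def tightest_subnet(ips):
    """Smallest IPv4 network that contains every address in ips."""
    nums = [int(ipaddress.IPv4Address(ip)) for ip in ips]
    differing = 0
    for n in nums:
        differing |= n ^ nums[0]  # collect every bit position that varies
    prefix = 32 - differing.bit_length()
    return ipaddress.IPv4Network((nums[0], prefix), strict=False)

def subnets_to_ban(log_text):
    """Group repeat offenders per WIDEST_PREFIX block, then tighten each group."""
    groups = defaultdict(list)
    for ip in repeat_offenders(log_text):
        block = ipaddress.IPv4Network((ip, WIDEST_PREFIX), strict=False)
        groups[block].append(ip)
    # A lone offender in a block stays an ordinary single-IP ban.
    return sorted(str(tightest_subnet(g)) for g in groups.values()
                  if len(g) >= MIN_HOSTS)

if __name__ == "__main__":
    for net in subnets_to_ban(SAMPLE_LOG):
        print(net)
```

Capping the width and requiring several distinct offenders keeps one noisy host from getting an entire block of unrelated addresses banned.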
Copyright (C) 2015 Raphaël Beamonte <raphael.beamonte@gmail.com>
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License (GPLv2) for more details.
You can get the code by cloning this repository or downloading the latest version of the zip package.
You should edit the first part of the fail2ban-subnets.py file to adjust it to your system. All comments on this configuration are provided in the file.
Here's the way I recommend setting up fail2ban to avoid problems in future developments.
These settings are based on a Debian system and assume the fail2ban-subnets files are in /home/usr/f2b-sn/; you should adapt them to your needs.
Go to the fail2ban settings directory of your system as root:
cd /etc/fail2ban
Create the directories action.d.local and filter.d.local:
mkdir action.d.local filter.d.local
Copy the fail2ban-subnets action and filter files into these new directories:
cp /home/usr/f2b-sn/action.d.local/* action.d.local/
cp /home/usr/f2b-sn/filter.d.local/* filter.d.local/
Add the configuration for the fail2ban-subnets jail at the end of your local jail:
cat /home/usr/f2b-sn/jail.local >> jail.local
Install the fail2ban-subnets script to be executed once an hour:
cp /home/usr/f2b-sn/fail2ban-subnets.py /etc/cron.hourly/fail2ban-subnets
chown root:adm /etc/cron.hourly/fail2ban-subnets
Note: you could also set up a crontab to run it more often, still as root, by running crontab -e and then adding your crontab entry.
Please use the GitHub integrated issue tracker for every problem you encounter. Please DO NOT use my email for issues or walkthroughs.