{"id":18976382,"url":"https://github.com/jo-37/ban-net","last_synced_at":"2026-04-09T09:30:16.319Z","repository":{"id":128583207,"uuid":"258218514","full_name":"jo-37/ban-net","owner":"jo-37","description":"fail2ban based blacklisting of hosts and subnets","archived":false,"fork":false,"pushed_at":"2020-04-25T13:34:07.000Z","size":5,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-01T09:26:01.728Z","etag":null,"topics":["fail2ban","iptables","perl"],"latest_commit_sha":null,"homepage":null,"language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jo-37.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-23T13:43:14.000Z","updated_at":"2020-04-25T13:34:09.000Z","dependencies_parsed_at":"2023-08-22T15:17:30.826Z","dependency_job_id":null,"html_url":"https://github.com/jo-37/ban-net","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jo-37%2Fban-net","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jo-37%2Fban-net/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jo-37%2Fban-net/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jo-37%2Fban-net/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jo-37","download_url":"https://codeload.github.com/jo-37/ban-net/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239978057,"owners_count":19728271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fail2ban","iptables","perl"],"created_at":"2024-11-08T15:24:16.516Z","updated_at":"2026-04-09T09:30:16.279Z","avatar_url":"https://github.com/jo-37.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ban-net - fail2ban based blacklisting of hosts and subnets\n## Description\nLogfiles are analyzed using existing fail2ban configuration.\nRegardless of actions taken by fail2ban, these scripts perform a blacklisting in an additional layer.\nIP ranges in this blacklist can be partly or completely locked out.\nWhen there is no traffic from the blocked addresses for some time, the blacklisting will be undone.\n## Usage\nA working fail2ban configuration is required for these scripts.\nFirst, pairs of logfiles and fail2ban configuration files must be configured in the array `@conf` in `ban-net.pl`.\n(There is a `@whitelist` that may be configured, too.)\n\nInstall the scripts `ban-net.pl` and `unban-net.pl` in an appropiate directory, e.g. `/usr/local/sbin`.\n\nCreate a new chain \"blacklist\" in iptables:\n```\niptables -N blacklist\n```\nJump to this chain from the INPUT chain, unconditional or for specific ports.\n(The latter has the advantage that these adresses remain accessible.)\n```\niptables -I INPUT -p tcp -m multiport --dports ftp-data,ftp,ssh,smtp,pop3,imap2,urd,submission,ftps,imaps,pop3s -m state --state NEW -j blacklist\n```\nRun the scripts `ban-net.pl` and `unban-net.pl` on a regular schedule, e.g. by cron:\n\n```\nPATH=/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin\n# min   hour    dom     month   dow     user    command\n13      19      *       *       *       root    unban-net.pl | sh; iptables -Z blacklist\n14      1-19/6  *       *       *       root    ban-net.pl -interval=\"2 days\"| sh\n```\nAdjust values to your needs.\n### ban-net.pl\nThis program performes the configured log file analysis and counts access\nviolations per IP address.\nIt does not modify entries in the blacklist chain but instead generates\nstatements that need to be fed into a shell to do so.\n\nThe program has three options:\n\n- __-from=__*datetime*\n\n    process log entries from the given time onwards.\n    \n- __-interval=__*interval*\n\n    process log entries from the given relative time interval\n    \n- __-list__\n\n    causes the program not to generate iptables statements.\n    Instead it gives a report about the current state and the actions that\n    woud be generated if called without __-list__\n    \n    It reports the address or subnet, a flag, the number of reported violations and\n    the number of reported subitems, if any.\n    \n    Flag is __t__ for an entry already present in the blacklist chain, __b__ for\n    an entry that would be generated and __p__ for an entry that has blacklisted\n    subentries.\n\n### unban-net.pl\nThis program generates iptables commands to delete entries from the blacklist\nchain that have a packet counter of zero.\nA call to `iptables -Z blacklist` is required after `unban-net.pl` has been run.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjo-37%2Fban-net","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjo-37%2Fban-net","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjo-37%2Fban-net/lists"}