https://github.com/mateusz834/fail2ban-detect-subnets
detect and ban subnets with fail2ban
- Host: GitHub
- URL: https://github.com/mateusz834/fail2ban-detect-subnets
- Owner: mateusz834
- License: mit
- Created: 2020-09-18T15:43:54.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2021-04-14T14:32:42.000Z (over 4 years ago)
- Last Synced: 2025-02-08T22:13:56.391Z (8 months ago)
- Topics: fail2ban
- Language: Shell
- Homepage:
- Size: 18.6 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# fail2ban-detect-subnets
# Usage
Copy:
```
cp ./fail2ban-detect-subnets.sh /usr/local/sbin/
cp ./fail2ban-detect-subnets-masker.sh /usr/local/sbin/
cp ./fail2ban-detect-subnets.service /etc/systemd/system/
```
Send fail2ban logs to syslog:
/etc/fail2ban/fail2ban.local:
```
[Definition]
logtarget = syslog
```
Copy fail2ban filter:
```
cp ./fail2ban-detect-subnets.conf /etc/fail2ban/filter.d/
```
Copy fail2ban action:
```
cp ./iptables-multiport-subnet.conf /etc/fail2ban/action.d/
```
Edit jail.local according to your needs.
Example jail.local:
```
[DEFAULT]
backend = systemd

[ssh]
enabled = true
filter = sshd
action = iptables-multiport[port="22", blocktype="DROP", chain="fail2ban"]

[ssh-subnet]
enabled = true
filter = fail2ban-detect-subnets[jail="ssh"]
action = iptables-multiport-subnet[port="22",blocktype="DROP",chain="fail2ban",mask4="24",mask6="64"]
```
Create config directory:
```
sudo mkdir /usr/local/etc/fail2ban-detect-subnets
```
Edit `/usr/local/etc/fail2ban-detect-subnets/conf`
Config line syntax:
```
{jail-name} {mask-ipv4} {mask-ipv6}
```
Example:
```
ssh 24 64
nginx 22 96
```
Run fail2ban-detect-subnets:
```
systemctl enable fail2ban-detect-subnets
systemctl start fail2ban-detect-subnets
```
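A sanity check for the mask values before enabling the service, as an added example that is not part of the project's scripts: it parses the config line syntax above and reports which network each mask would cover for a given address. It assumes the masks are CIDR prefix lengths and that blank lines are ignored; `parse_conf` and `covered_network` are hypothetical helper names, and the addresses are constructed documentation-range samples.

```python
import ipaddress

# Constructed sample in the README's "{jail-name} {mask-ipv4} {mask-ipv6}" syntax.
SAMPLE_CONF = """\
ssh 24 64
nginx 22 96
"""


def parse_conf(text):
    """Return {jail: (mask4, mask6)}, rejecting malformed or out-of-range lines."""
    jails = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # assumption: blank lines are ignored
        if len(fields) != 3 or not (fields[1].isdigit() and fields[2].isdigit()):
            raise ValueError(f"line {lineno}: expected '<jail> <mask4> <mask6>'")
        mask4, mask6 = int(fields[1]), int(fields[2])
        if not 0 < mask4 <= 32 or not 0 < mask6 <= 128:
            raise ValueError(f"line {lineno}: mask out of range")
        if fields[0] in jails:
            raise ValueError(f"line {lineno}: duplicate jail {fields[0]!r}")
        jails[fields[0]] = (mask4, mask6)
    return jails


def covered_network(jails, jail, address):
    """Network containing `address` under the jail's mask for its IP version."""
    mask4, mask6 = jails[jail]
    ip = ipaddress.ip_address(address)
    prefix = mask4 if ip.version == 4 else mask6
    # strict=False zeroes the host bits instead of raising on them.
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


if __name__ == "__main__":
    jails = parse_conf(SAMPLE_CONF)
    # Documentation-range addresses (RFC 5737 / RFC 3849), constructed for the demo.
    samples = [("ssh", "203.0.113.77"), ("nginx", "198.51.100.9"),
               ("ssh", "2001:db8:1:2:aaaa::1")]
    for jail, addr in samples:
        net = covered_network(jails, jail, addr)
        print(f"{jail:6} {addr:22} -> {net} ({net.num_addresses} addresses)")
```

The address count per network shows how many hosts a single subnet ban takes out, which is worth checking against shared or carrier-grade NAT ranges before choosing a short IPv4 mask.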