[advice needed] Iptables and fail2ban - RIPE NCC

Discussion in 'General' started by Apryaldy, Feb 14, 2018.

  1. Apryaldy

    Apryaldy New Member

    Hi,

    I just paid attention on the fail2ban-log page, and saw something like this:
    2018-02-14 01:14:12,118 fail2ban.actions[871]: WARNING [postfix-sasl] Ban 37.49.225.161
    2018-02-14 01:24:12,806 fail2ban.actions[871]: WARNING [postfix-sasl] Unban 37.49.225.161

    there are many of them, i check on who.is, mostly the IP was come from RIPE NCC,
    I learn that using iptables, i could block them (iptables -A INPUT -s 37.0.0.0/8 -j DROP)

    but, just wondering, does I really need to do that?
    or just leave it be?
    will this effecting performance of the server in the future?

    Kindly need your advice.

    Thank you.
     
  2. Jesse Norell

    Jesse Norell Well-Known Member

    I sure wouldn't try to update a block list manually, that would be never-ending and about impossible to keep up with what addresses should be removed. You could step up the fail2ban configuration to block more and longer, eg. take a look at the 'recidive' jail in the Debian Jessie fail2ban package for how to block repeat offenders for a longer period. There are various IP reputation lists/services you could utilize to keep known bad it's away; if you have a network firewall you might see what it can do in that regard.
     

Share This Page