search for: cidrmerge

I'm running Centos 7.8.2003, with firewalld. I was getting huge numbers of ssh attempts per day from a few specific ip blocks. The offenders are 45.0.0.0/24, 49.0.0.0/24, 51.0.0.0/24, 111.0.0.0/24 and 118.0.0.0/24, and they amounted to a multiple thousands of attempts per day. I installed and configured fail2ban, but still saw a lot of attempts in the logs, and the ipset created was

...listed? If so, consider switching to hash:net which uses CIDR style entries. Individual addresses become 1.2.3.4/32 but blocks can be included with a single entry. My ipset has about 40,000 entries, but covers millions of IP addresses. If you do switch look on the net for a program called "cidrmerge". It takes a list of IP addresses and CIDR networks, sorts them and merges multiple entries into a single network where possible. Jon -- Jon H. LaBadie jcu at labadie.us