IP ignore list does not use regex ? #2269

Closed
happy-v587 opened this issue Nov 2, 2018 · 1 comment

@happy-v587

When I add an IP ignore list, I have found:

[root@ai fail2ban]# fail2ban-client get sshd ignoreip
These IP addresses/networks are ignored:
|- 127.0.0.1/8
|- and
`- 192.168.222.1

Is that OK?

I think adding IP regex is better.

@sebres

sebres commented Nov 2, 2018

> Is that OK?

What are you expecting?

> I think adding IP regex is better.

A list of IP addresses (resp. subnet masks) is totally enough for ignore purposes.
For an ignore entry as DNS (FQDN), a regexp or grep match would possibly be interesting, but in this case fail2ban has to do a reverse DNS lookup each time it finds a failure, thus it is simply more expensive.
But if you have your own DNS service locally, you can simply create a zone that has several IPs and simply add this FQDN to the ignore list.

Furthermore, fail2ban still has another handling, ignorecommand, for any other purposes you may need.
See for example #2013 (comment)
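
An added example, not part of the thread and not fail2ban's own code: a small Python linter for an `ignoreip` value that sorts entries into IP, subnet and FQDN (the kinds discussed above) and flags anything else, such as the stray `and` entry in the output quoted in the issue. It assumes entries are separated by spaces or commas; the function names and category labels are made up for this sketch.

```python
import ipaddress
import re

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN = re.compile(rf"{_LABEL}(?:\.{_LABEL})+\.?")


def classify(entry):
    """Return 'ip', 'network', 'fqdn', 'invalid' or 'suspect' for one entry."""
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    if "/" in entry:
        try:
            # strict=False accepts set host bits, as in 127.0.0.1/8
            ipaddress.ip_network(entry, strict=False)
            return "network"
        except ValueError:
            return "invalid"
    if re.fullmatch(r"[0-9.]+", entry):
        return "invalid"  # looks like an IPv4 address but does not parse
    if _FQDN.fullmatch(entry):
        return "fqdn"
    # Single-label words such as "and": only meaningful if they resolve as a
    # host name, so treat them as probable typos that need a human look.
    return "suspect"


def classify_ignoreip(value):
    """Split an ignoreip value on spaces/commas and classify every entry."""
    entries = [e for e in re.split(r"[\s,]+", value.strip()) if e]
    return [(e, classify(e)) for e in entries]


def needs_review(value):
    """Entries that are neither a valid IP, a valid network nor an FQDN."""
    return [e for e, kind in classify_ignoreip(value)
            if kind in ("invalid", "suspect")]


if __name__ == "__main__":
    # Constructed input mirroring the entries listed in the issue
    sample = "127.0.0.1/8 and 192.168.222.1"
    for entry, kind in classify_ignoreip(sample):
        print(f"{entry:20} {kind}")
    print("review:", needs_review(sample))
```
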
