Netfilter seems too keen #2027

Closed
chriscroome opened this issue Nov 19, 2018 · 2 comments

chriscroome commented Nov 19, 2018

On a Mailcow server I now have these Netfilter settings (you can see from the logs below that these variables were set to ban for longer):

  • Ban time (s): 600
  • Max. attempts: 10
  • Max. attempts: 300
  • IPv4 subnet size to apply ban on (8-32): 8
  • IPv6 subnet size to apply ban on (8-128): 8

Today there have been brute force attempts / a user with a misconfigured client from a Virgin Media IP address (they are the only cable Internet provider in the UK and perhaps have around a third or even a half of the market):

docker-compose logs --no-color netfilter-mailcow | grep " 86\."       
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 6 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 5 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 4 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 3 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 2 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 1 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | Unbanning 86.0.0.0/8
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 6 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 5 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 4 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 3 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 2 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 1 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | Unbanning 86.0.0.0/8
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 6 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 5 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 4 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 3 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 2 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 1 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | Unbanning 86.0.0.0/8
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 6 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 5 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 4 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 3 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 2 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 1 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | Unbanning 86.0.0.0/8
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 6 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 5 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 4 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 3 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 2 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 1 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1_873dbec7bd16 | Unbanning 86.0.0.0/8
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 120 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 120 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 120 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | Unbanning 86.0.0.0/8
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 120 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 120 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 120 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 6 more attempts in the next 120 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 5 more attempts in the next 120 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 120 seconds until 86.147.72.XX/32 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 120 seconds until 86.147.72.XX/32 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 120 seconds until 86.147.72.XX/32 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 6 more attempts in the next 120 seconds until 86.147.72.XX/32 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 5 more attempts in the next 120 seconds until 86.147.72.XX/32 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 4 more attempts in the next 120 seconds until 86.147.72.XX/32 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 3 more attempts in the next 120 seconds until 86.147.72.XX/32 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 2 more attempts in the next 120 seconds until 86.147.72.XX/32 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 1 more attempts in the next 120 seconds until 86.147.72.XX/32 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.147.72.XX/32 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.147.72.XX/32 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.147.72.XX/32 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.147.72.XX/32 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.147.72.XX/32 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.147.72.XX/32 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | Unbanning 86.147.72.XX/32
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 6 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 5 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 4 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 3 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 2 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 1 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | Unbanning 86.0.0.0/8
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 6 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 5 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 4 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 3 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 2 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 1 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | Unbanning 86.0.0.0/8
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 9 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 8 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 7 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 6 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 5 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 4 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 3 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 2 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | 1 more attempts in the next 300 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 10 minutes
netfilter-mailcow_1_873dbec7bd16 | 86.147.72.XX matched rule id 2
netfilter-mailcow_1_873dbec7bd16 | Banning 86.0.0.0/8 for 10 minutes

Why is the whole of 80.0.0.0/8 being banned?

This policy has the danger of catching innocent IP addresses; would it be possible to just ban the offending IP address and not such a large subnet?

@chriscroome

Some of the other subnets that were unbanned when I restarted the netfilter container earlier today:

Mailcow netfilter admin interface

@chriscroome chriscroome changed the title Netfilter seems to keen Netfilter seems too keen Nov 19, 2018

chriscroome commented Nov 19, 2018

My mistake, from IRC:

19:59 <@golden_receiver> <chrisc> how come such a large network is banned,
19:59 <@golden_receiver> <chrisc> in the netfilter config i have IPv4 subnet size to apply ban on (8-32): 8         
19:59 <@golden_receiver> that's why
19:59 <@golden_receiver> you ban /8
19:59 <@golden_receiver> 1.2.3.4 => 1.0.0.0/8
19:59 <@golden_receiver> and 1.0.0.0/8 is 1.0-255.0-255.0-255
19:59 <@golden_receiver> you should set it to 24 for IPv4
20:00 <@golden_receiver> and maybe 64 or 96 for IPv6
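
The subnet arithmetic from the IRC explanation above, together with a check over netfilter log lines for bans wider than the suggested /24 (IPv4) or /64 (IPv6). This is an added example, not Mailcow's own code: the function names are hypothetical and the sample log is constructed, with a made-up last octet where the issue shows XX.

```python
import ipaddress
import re

# Constructed sample in the format of the log output quoted in the issue.
SAMPLE_LOG = """\
netfilter-mailcow_1 | 86.147.72.10 matched rule id 2
netfilter-mailcow_1 | 1 more attempts in the next 600 seconds until 86.0.0.0/8 is banned
netfilter-mailcow_1 | 86.147.72.10 matched rule id 2
netfilter-mailcow_1 | Banning 86.0.0.0/8 for 30 minutes
netfilter-mailcow_1 | Unbanning 86.0.0.0/8
netfilter-mailcow_1 | 86.147.72.10 matched rule id 2
netfilter-mailcow_1 | Banning 86.147.72.10/32 for 10 minutes
"""

# Matches "Banning <network> for N minutes"; "Unbanning" has no capital B.
BAN_RE = re.compile(r"\bBanning (\S+) for \d+ minutes")


def ban_network(addr, v4_prefix, v6_prefix):
    """Network a ban on `addr` covers for the configured subnet sizes."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    # strict=False masks off the host bits: 1.2.3.4/8 -> 1.0.0.0/8
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def blast_radius(addr, v4_prefix, v6_prefix):
    """Return (network, number of addresses blocked) for one offender."""
    net = ban_network(addr, v4_prefix, v6_prefix)
    return str(net), net.num_addresses


def broad_bans(log_text, min_v4_prefix=24, min_v6_prefix=64):
    """Count bans in the log that are wider than the given minimum prefixes."""
    hits = {}
    for line in log_text.splitlines():
        match = BAN_RE.search(line)
        if not match:
            continue
        try:
            net = ipaddress.ip_network(match.group(1), strict=False)
        except ValueError:
            continue  # redacted or malformed address, e.g. 86.147.72.XX/32
        floor = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < floor:
            hits[str(net)] = hits.get(str(net), 0) + 1
    return hits


if __name__ == "__main__":
    for prefix in (8, 24, 32):
        print(prefix, blast_radius("86.147.72.10", prefix, 64))
    print(broad_bans(SAMPLE_LOG))
```

With a subnet size of 8, one offending IPv4 address blocks 16,777,216 addresses; with 24 it blocks 256.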
