Idee von http://sven.rojek.de/posts/fail2ban-iprange-mit-blackliste-blocken eingearbeitet

filter.d/blocklist.conf

@@ -0,0 +1,18 @@
+# Fail2Ban configuration file
+ 
+[Definition]
+ 
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = ^ *: *<HOST>$
+ 
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 

filter.d/filter_ip-blacklist.conf

@@ -0,0 +1,15 @@
+[Definition]
+
+# Option:  failregex
+# Notes :  Detection of blocked ip addresses.
+# Values:  TEXT
+#
+
+failregex = ^<HOST>(/32.*|[^/].*)?$
+
+# Option:  ignoreregex
+# Notes :  Regex to ignore.
+# Values:  TEXT
+#
+
+ignoreregex =

filter.d/filter_ip-blacklist16.conf

@@ -0,0 +1,15 @@
+[Definition]
+
+# Option:  failregex
+# Notes :  Detection of blocked ip addresses.
+# Values:  TEXT
+#
+
+failregex = ^<HOST>/16.*$
+
+# Option:  ignoreregex
+# Notes :  Regex to ignore.
+# Values:  TEXT
+#
+
+ignoreregex =

filter.d/filter_ip-blacklist24.conf

@@ -0,0 +1,15 @@
+[Definition]
+
+# Option:  failregex
+# Notes :  Detection of blocked ip addresses.
+# Values:  TEXT
+#
+
+failregex = ^<HOST>/24.*$
+
+# Option:  ignoreregex
+# Notes :  Regex to ignore.
+# Values:  TEXT
+#
+
+ignoreregex =

filter.d/filter_ip-blacklist8.conf

@@ -0,0 +1,15 @@
+[Definition]
+
+# Option:  failregex
+# Notes :  Detection of blocked ip addresses.
+# Values:  TEXT
+#
+
+failregex = ^<HOST>/8.*$
+
+# Option:  ignoreregex
+# Notes :  Regex to ignore.
+# Values:  TEXT
+#
+
+ignoreregex =