78.128.113.62 - - [04/Jan/2020:19:59:33 +0530] "GET /efk-dashboard HTTP/1.1" 404 66914 "-" "python-requests/2.13.0" There are mulitple access records like this even after I have run the commands Code: ufw deny from 78.128.113.58/24 //for ufw ip route add unreachable 78.128.113 //for fail2ban I also restarted the fail2ban service after adding the ip How to fix this issue, I run out of idea.
What has this got to do with fail2ban? ip route manipulates the routing table. If you want to add IP to fail2ban, use fail2ban commands. Code: fail2ban-client set <jailname> banip 78.128.113.58
I have configured fail2ban with route as instructed somewhere here. like [DEFAULT] banaction = route in fail2ban jail.local. so will it not work with fail2ban. I am not sure.
Code: ufw deny from 78.128.113.58/24 //for ufw You know that a /24 is 254 IP addresses? As far is a i know.. you should use Code: ufw deny from 78.128.113.58/32 Not sure if command is complete though.. Quick search shows: Code: sudo ufw deny from {ip-address-here} to any for example: sudo ufw deny from 78.128.113.58 to any
Actually the ufw rule was getting inserted after the allow rule so what I did deleted that rule and reinserted using Code: ufw insert 1 deny 78.128.113.58/24 to any
Again, /24 is a whole network. Like most home networks are 192.168.0.1/24 (which means ip addressess from 192.168.0.1 to 192.168.0.254). A /32 is a single ip address.