Security issue: can't block one ip range in iptables

Discussion in 'Server Operation' started by PermaNoob, Jan 27, 2014.

  1. PermaNoob

    PermaNoob Member

    I have fail2ban set for 6,000 seconds, and if there are any IPs which continue root login attempts after that, I block them permanently, and block the whole range if they're in China, using:

    iptables -I INPUT -s 117.0.0.0/8 -j DROP

    That range is in China, but for some reason I can't get it added to iptables.

    No problem blocking other IPs or ranges in China or elsewhere.

    Could an intruder set his IP or IP range to not be blocked?

    No evidence of intrusion other than that I can't add that IP range to iptables.

    Btw, I can add the individual IPs like 117.41.186.187, but not the whole range. "iptables -L" shows the other IPs and ranges, but never 117.0.0.0/8.

    Hmmm, for some reason if I use "iptables -L INPUT -n --line-numbers", 117.0.0.0/8 shows up, along with the multiple times I've tried to enter it.

    I didn't realize there would be a difference between "iptables -L" and "iptables -L INPUT -n --line-numbers".
     
    Last edited: Jan 27, 2014
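
Added example, not part of the original post: without -n, iptables tries to display addresses as host or network names, so a rule may not be listed as the literal CIDR and can end up inserted several times. The sketch below checks with "iptables -C" before inserting and finds the extra copies in "iptables -S INPUT" output; the function names, the IPT variable and the sample rule dump are constructed for illustration.

```shell
#!/bin/sh
# Assumption: IPT is the iptables binary; override it to test without root.
IPT=${IPT:-iptables}

# Insert a DROP rule for a source address/CIDR only if it is not already there.
# "iptables -C" exits 0 when an identical rule exists in the chain.
add_once() {
    if $IPT -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "present"
    else
        $IPT -I INPUT -s "$1" -j DROP && echo "added"
    fi
}

# Read "iptables -S INPUT" output on stdin and print "count<TAB>rule"
# for every rule that appears more than once.
dup_rules() {
    awk '/^-A / { n[$0]++ }
         END { for (r in n) if (n[r] > 1) print n[r] "\t" r }' | sort
}

# Read the same output and print one "iptables -D ..." command per extra copy.
# Each -D removes a single matching rule, so one copy is left in place.
dedupe_cmds() {
    awk '/^-A / { if (seen[$0]++) { sub(/^-A /, "-D "); print "iptables " $0 } }'
}

# Constructed sample of "iptables -S INPUT" after the same -I was run three times.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -s 117.0.0.0/8 -j DROP
-A INPUT -s 117.0.0.0/8 -j DROP
-A INPUT -s 117.0.0.0/8 -j DROP
-A INPUT -s 117.41.186.187/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Usage on a live host (as root):
#   iptables -S INPUT | dup_rules
#   iptables -S INPUT | dedupe_cmds     # review the output before running it
#   add_once 117.0.0.0/8
```

Run against the sample, dup_rules reports the /8 rule three times and dedupe_cmds prints two delete commands for it.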
