I'd like the option to ban a whole /24 or larger when a custom trigger or other event happens.
Bonus if there are individual settings for temp ban vs perm ban
(ie. a temp ban, just the single ip, temp moving to perm ban = whole /24, or maybe other way around)
I could have sworn csf/lfd already had something like this but maybe I am mistaken.
Am I correct in that there is no extra burden on iptables to block a /24 vs single IP ?
option to auto ban whole /24 not just single IP
Re: option to auto ban whole /24 not just single IP
Check "Temp to Perm/Netblock Settings", in there you can configure that.
Permanently block IPs by network class. The following enables this feature
to permanently block classes of IP address where individual IP addresses
within the same class LF_NETBLOCK_CLASS have already been blocked more than
LF_NETBLOCK_COUNT times in the last LF_NETBLOCK_INTERVAL seconds. Set
LF_NETBLOCK to "1" to enable this feature
This can be an affective way of blocking DDOS attacks launched from within
the same network class
Valid settings for LF_NETBLOCK_CLASS are "A", "B" and "C", care and
consideration is required when blocking network classes A or B
Set LF_NETBLOCK to "0" to disable this feature