ConfigServer Community Forum

Posted: **01 Apr 2014, 17:53**

I'd like the option to ban a whole /24 or larger when a custom trigger or other event happens.

Bonus if there are individual settings for temp ban vs perm ban

(ie. a temp ban, just the single ip, temp moving to perm ban = whole /24, or maybe other way around)

I could have sworn csf/lfd already had something like this but maybe I am mistaken.

Am I correct in that there is no extra burden on iptables to block a /24 vs single IP ?

Posted: **01 Apr 2014, 18:27**

Check "Temp to Perm/Netblock Settings", in there you can configure that.

Permanently block IPs by network class. The following enables this feature
to permanently block classes of IP address where individual IP addresses
within the same class LF_NETBLOCK_CLASS have already been blocked more than
LF_NETBLOCK_COUNT times in the last LF_NETBLOCK_INTERVAL seconds. Set
LF_NETBLOCK to "1" to enable this feature

This can be an affective way of blocking DDOS attacks launched from within
the same network class

Valid settings for LF_NETBLOCK_CLASS are "A", "B" and "C", care and
consideration is required when blocking network classes A or B

Set LF_NETBLOCK to "0" to disable this feature

ConfigServer Community Forum

option to auto ban whole /24 not just single IP

option to auto ban whole /24 not just single IP

Re: option to auto ban whole /24 not just single IP