
If I have a CIDR like 13.54.63.128/26 can fail2ban-client tell me if there's an IP in this range that's currently banned?

Currently I'm doing:

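```bash
CIDR="13.54.63.128/26"
# Expand the CIDR into individual addresses (list scan only, no packets sent)
nmap -sL -n "$CIDR" | awk '/Nmap scan report/{print $NF}' | while read -r ip
do
  # -F: treat the address as a literal string; -w: whole-word match,
  # so 13.54.63.128 does not also match 113.54.63.128
  sudo iptables -L -n | grep -wF -- "$ip"
done
```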

which does the job, but feels a bit hacky.

Please note this is not a question concerning fail2ban's partial IP matching. I want to know the client's ability to report on banned IPs.

jaygooby
  • Does this answer your question? [Fail2ban partial IP match possible?](https://serverfault.com/questions/1080041/fail2ban-partial-ip-match-possible) - currently, fail2ban does not have subnet support; it's planned for the future – djdomi Oct 21 '21 at 15:18
  • I feel the ability of `fail2ban-client` to tell if some IP from a given range is banned is *also* the ability of *fail2ban* (as a product) to do partial IP matching. Not for adding a range into a ban instead of a single IP; the matching is going to be performed for another use case, but the "duplicate" answer still fully applies. – Nikita Kipriyanov Nov 27 '21 at 11:33

1 Answer

There is a nifty little tool grepcidr that is useful for quick shell scripts that need to find matches from a specific CIDR in a list with IPv4 or IPv6 addresses.

```bash
sudo iptables -L -n | grepcidr "13.54.63.128/26"
```

Johhnie
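Where `grepcidr` is not installed, the same range check can be done with Python's standard `ipaddress` module. This is an added example, not part of the original answer or of fail2ban: it reads `iptables -L -n` style text and lists banned sources that overlap the CIDR, including banned subnets, for IPv4 and IPv6. The names `banned_in_range` and `SAMPLE` and the sample rules are constructed for illustration.

```python
#!/usr/bin/env python3
"""List banned sources in `iptables -L -n` output that overlap a CIDR."""
import ipaddress
import sys

# Constructed sample of `iptables -L -n` output (not taken from a real host).
SAMPLE = """\
Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  113.54.63.130        0.0.0.0/0    reject-with icmp-port-unreachable
REJECT     all  --  13.54.63.130         0.0.0.0/0    reject-with icmp-port-unreachable
REJECT     all  --  13.54.63.191         0.0.0.0/0    reject-with icmp-port-unreachable
REJECT     all  --  13.54.63.192         0.0.0.0/0    reject-with icmp-port-unreachable
REJECT     all  --  13.54.0.0/16         0.0.0.0/0    reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
"""


def banned_in_range(lines, cidr):
    """Return sorted addresses/subnets found in `lines` that overlap `cidr`."""
    target = ipaddress.ip_network(cidr, strict=False)
    hits = set()
    for line in lines:
        for token in line.split():
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                continue  # not an address: target names, protocols, options
            # Skip the "anywhere" columns (0.0.0.0/0, ::/0) and the other
            # address family; both would give meaningless matches.
            if net.prefixlen == 0 or net.version != target.version:
                continue
            if net.overlaps(target):
                hits.add(net)
    # Print single hosts without the /32 or /128 suffix.
    return [str(n.network_address) if n.num_addresses == 1 else str(n)
            for n in sorted(hits)]


if __name__ == "__main__":
    # Usage: sudo iptables -L -n | python3 this_script.py 13.54.63.128/26
    found = banned_in_range(sys.stdin, sys.argv[1])
    print("\n".join(found))
    sys.exit(0 if found else 1)  # grep-like exit status
```

Unlike the per-address `grep` loop, this parses the rule listing once and compares addresses numerically, so `113.54.63.130` and `13.54.63.192` are not reported for `13.54.63.128/26`, while the banned `13.54.0.0/16` subnet is.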