With nethserver-fail2ban installed I can see that some IPs are banned (launch fail2ban-listban), but not by fail2ban, because I cannot find anything in the logs.
I do not understand who blocked these IPs; it seems it is not fail2ban… or we have a bug.
How to gather information on what fail2ban is doing:
db fail2ban show BLOCKED_IP # should give back information (how many bans and last ban)
grep -srni 'xxx\.xxx\.xxx\.xxx' /var/log # should give back any reference to this IP
You can find this strange IP by comparing fail2ban-client status jailName (or fail2ban-listban) and shorewall show dynamic.
[2] 0.0.0.0/8 reserved for self-identification [RFC1122], section 3.2.1.3.
Reserved by protocol. For authoritative registration, see [IANA registry iana-ipv4-special-registry].
/devil's advocate mode: could this get abused in any way? Looks like it is intended for identification purposes.
Yes, these IPs should never be used, but I do not understand which service banned them. Fail2ban logs everything and bans based on reading logs, so I definitely must find traces.
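The comparison suggested earlier in the thread (fail2ban-client status jailName against shorewall show dynamic), written out as an added shell example that is not part of any post. The sample outputs are constructed, and the script assumes that shorewall show dynamic prints the chain in the usual iptables -L -n -v layout, with the source address in column 8; the function names are hypothetical.

```shell
# Added example: addresses dropped by the shorewall dynamic chain that fail2ban does not list.
sample_f2b() { cat <<'EOF'
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  `- File list:        /var/log/secure
`- Actions
   |- Currently banned: 2
   |- Total banned:     5
   `- Banned IP list:   192.0.2.10 198.51.100.7
EOF
}

sample_dynamic() { cat <<'EOF'
Chain dynamic (4 references)
 pkts bytes target     prot opt in     out     source               destination
   12   720 DROP       all  --  *      *       192.0.2.10           0.0.0.0/0
    3   180 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0
    0     0 DROP       all  --  *      *       0.10.20.30           0.0.0.0/0
EOF
}

ip_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
# stdin: `fail2ban-client status <jail>` -> banned IPv4 addresses, one per line
f2b_banned() {
  sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n\n' |
    grep -E "$ip_re" | sort -u
}

# stdin: `shorewall show dynamic` -> source column of DROP/REJECT rules (assumed layout)
dynamic_banned() {
  awk '$3 == "DROP" || $3 == "REJECT" { print $8 }' | grep -E "$ip_re" | sort -u
}

# $1 = fail2ban list, $2 = dynamic list; prints entries only the dynamic chain has,
# tagging addresses inside 0.0.0.0/8 (reserved for self-identification, RFC 1122)
unexplained() {
  printf '%s\n' "$2" | grep -vxF -e "$1" | while read -r ip; do
    case $ip in
      '')  ;;
      0.*) echo "$ip reserved-0.0.0.0/8" ;;
      *)   echo "$ip" ;;
    esac
  done
}

# Live: unexplained "$(fail2ban-client status sshd | f2b_banned)" "$(shorewall show dynamic | dynamic_banned)"
unexplained "$(sample_f2b | f2b_banned)" "$(sample_dynamic | dynamic_banned)"
```

Any address this prints is a candidate for the db fail2ban show and grep checks given earlier in the thread.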