In the fail2ban list I can see /32 subnets, but when I enter subnets into the whitelist, it becomes red. Are only IP addresses allowed?
/32 isn’t a subnet. It is a single IP address.
You likely understand that this does not answer my question, but you still posted this, likely just for the fun of it. Let’s have fun!
It is the FreePBX development team, not I, who made a deliberate decision to occupy the on-screen space by the /32 mask, in the listing under the intrusion detection. I am an innocent victim here.
So, back to the OP: Are only IP addresses allowed?
Why, by the way? To make the lives of admins miserable by having us whitelist each /32 IP address of each network that we have to allow?
What are you trying to add? What error are you getting? I can add a subnet.
If the field is shaded red/pink like this, you have a syntax error in your input.
Here, I’m missing an octet in the IPv4 address.
Can you provide an example of your actual input when the input field is red/pink?
I think you nailed it! I don’t have the exact address that had caused the field to glow red, but I was able to reproduce the same by adding an extra leading or trailing space.
Maybe this could be a TODO item for some future development to adjust the regexp that validates the input, so as to ignore and trim blank spaces. For better times when the dev team has spare cycles. In a perfect world.
Since we are on the topic of intrusion detection, I want to also ask something that’s been bothering me for some time:
When I come to the intrusion detection tab of the firewall, it may show some 50-100 addresses that have been blocked. But when I add another whitelist and save, the list suddenly shrinks to only a handful. Why? Does it mean that all of the banned addresses are now allowed? Is there a way to persist the ban list and only keep adding to it? My timeout is set to 3 years, so none of them should be dropped from the list.
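The two failures seen earlier in this thread (a missing octet, and a leading or trailing space) can be told apart by a validator that trims before it matches. The following is an added example, not part of the original posts and not FreePBX's own code; the function name `parseWhitelistEntry` and its return shape are hypothetical, and it covers IPv4 only.

```javascript
// Added example (hypothetical helper, not FreePBX code): validate one
// whitelist entry as IPv4 with an optional /prefix, ignoring the
// surrounding whitespace that turned the field red in this thread.
function parseWhitelistEntry(raw) {
  const text = String(raw).trim(); // drop leading/trailing blanks first
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:\/(\d{1,2}))?$/.exec(text);
  if (!m) {
    // e.g. "192.168.1/24": only three octets
    return { ok: false, reason: "expected a.b.c.d or a.b.c.d/prefix" };
  }
  const octets = m.slice(1, 5).map(Number);
  if (octets.some((o) => o > 255)) {
    return { ok: false, reason: "octet out of range" };
  }
  // A bare address is the same thing as a /32 entry.
  const prefix = m[5] === undefined ? 32 : Number(m[5]);
  if (prefix > 32) {
    return { ok: false, reason: "prefix out of range" };
  }
  // Work on unsigned 32-bit values so masks behave for high addresses.
  const addr =
    ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
  // JS shifts are modulo 32, so /0 needs its own case.
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  const network = (addr & mask) >>> 0;
  const dotted = (n) => [24, 16, 8, 0].map((s) => (n >>> s) & 255).join(".");
  return {
    ok: true,
    cidr: `${dotted(network)}/${prefix}`, // normalised form to store
    singleHost: prefix === 32,
    hostBitsSet: network !== addr, // input had bits set below the mask
  };
}

// Constructed sample inputs, including the two failure cases from the thread.
for (const s of [" 192.168.1.0/24 ", "192.168.1/24", "10.0.0.5", "10.1.2.3/8"]) {
  console.log(JSON.stringify(s), "->", JSON.stringify(parseWhitelistEntry(s)));
}
```
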