Ban /48 or /56 subnets instead of single IPv6

Maria · February 27, 2026, 9:56am

AFAIK, the integrated brute force protection only blocks single IPv4 or IPv6.

That approach is no longer working for IPv6.

A single home user that gets a /48 prefix, can attack with 1,208,925,819,614,629,174,706,176 addresses.

A single home user that gets a /56 prefix, can attack with 4,722,366,482,869,645,213,696 unique addresses.

So instead I would like to Vaultwarden to ban /48 or /56 subnets.

PS: Same problem made fail2ban useless, last time I checked.

Pagan6671 · March 1, 2026, 10:57am

I’m using reaction instead of fail2ban to easily ban /64 subnets. Also it uses way less resources than fail2ban, so I recommend it.

Topic		Replies	Views
Vaulthardening against brutforce attacks Help	0	274	November 14, 2023
Vaultwarden log show me a Block, but why? Help	1	124	February 6, 2026
Block only admin page with Fail2Ban Third Party Help	5	1400	July 3, 2021
Fail2Ban works but iptables not banning Help	0	93	January 3, 2025
Fail2ban help needed please Help	1	254	June 3, 2024