On 2021-03-02 22:35, Noah Meyerhans wrote:
>> 2. In addition to fail2ban you can download a blocklist, and use that as
>> well. I found this public blocklist with a script on how to
>> automatically block the IPs on the list.
>> [2]https://gist.github.com/klepsydra/ecf975984b32b1c8291a
>
> +1 to using blocklists. I have been using firehol blocklists in a few
> places for some time and been quite happy. https://github.com/firehol
>
> They aggregate IP lists from a number of different sources and make them
> available in a standard format for easy consumption. You can pick and
> choose exactly which blocklists to deploy based on whatever criteria you
> come up with.
>
> You can choose to use firehol itself as your firewall framework, or not.
> I built a custom system that manages my firewall, so I can't speak to
> how well it works. If you do deploy a blocklist, make sure you are
> keeping its content up to date so you don't end up miscategorizing
> incoming traffic. Some of the blocklists are pretty stable and don't
> change much, but others change hourly.
Thanks for the tip on FireHOL, and all their block lists. I was using
just the blocklist.de list and updating it nightly. It looks like I
should be able to get better coverage by using more block lists.

You say that you chose not to use FireHOL itself, but instead chose to
roll your own. Could I ask why? Are there problems or downsides to
FireHOL?

Thanks.
--
David Pottage
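As an added example (not code from this thread, from the linked gist, or from FireHOL's own tooling), here is a POSIX sh script that turns a FireHOL .netset file into a kernel ipset and refreshes it the way Noah's caveat asks for: it re-downloads when the cached copy is older than a threshold, drops malformed lines before they reach ipset, refuses to load an implausibly small list (a truncated download would otherwise silently unblock everything), and swaps the new set in atomically so a rule matching the set never sees it empty. The set name fh_block, the cache directory, the level1 list URL, the thresholds and the existence of an iptables/nftables rule that matches the set are all assumptions, not facts from the messages above.

```shell
#!/bin/sh
# Added example, not from the thread, the gist, or FireHOL: refresh an ipset
# from a FireHOL .netset file and swap it in atomically.
# Assumed (not from the original messages): set name "fh_block", cache dir,
# the level1 list URL, and that a rule already matches the set, e.g.
#   iptables -I INPUT -m set --match-set fh_block src -j DROP

LIST_URL="${LIST_URL:-https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset}"
SET_NAME="${SET_NAME:-fh_block}"
CACHE_DIR="${CACHE_DIR:-/var/cache/blocklists}"
MAX_AGE_SEC="${MAX_AGE_SEC:-3600}"   # re-download when the cached copy is older than this
MIN_ENTRIES="${MIN_ENTRIES:-100}"    # refuse to swap in a suspiciously small list

# Print only well-formed IPv4 addresses / CIDRs from a netset file ($1).
# '#' lines are comments; anything that is not an IPv4 address or prefix
# (octet > 255, prefix > 32, junk) is dropped rather than fed to ipset.
netset_entries() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { next }
        {
            n = split($1, p, "[./]")
            ok = 1
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) ok = 0
            if (n == 5 && p[5] + 0 > 32) ok = 0
            if (ok) print $1
        }' "$1"
}

# Emit an "ipset restore" script that fills a shadow set and swaps it with
# the live set, so there is no window in which the live set is empty.
# $1 = live set name, $2 = file of validated entries (one per line)
ipset_restore_script() {
    set_name=$1; src=$2; shadow="${set_name}_tmp"
    echo "create $shadow hash:net family inet maxelem 262144 -exist"
    echo "flush $shadow"
    awk -v s="$shadow" '{ print "add " s " " $1 }' "$src"
    echo "create $set_name hash:net family inet maxelem 262144 -exist"
    echo "swap $shadow $set_name"
    echo "destroy $shadow"
}

# True (exit 0) when the cached list ($1) is missing or older than $2 seconds.
list_is_stale() {
    [ -f "$1" ] || return 0
    now=$(date +%s)
    mtime=$(stat -c %Y "$1" 2>/dev/null || stat -f %m "$1")
    [ $((now - mtime)) -gt "$2" ]
}

# Constructed sample netset (not a real FireHOL file), written to $1,
# so the filter can be exercised offline.
write_sample_netset() {
    cat > "$1" <<'EOF'
# netset-style file: comment header, then one address or prefix per line
1.2.3.0/24
5.6.7.8
999.1.1.1
10.0.0.0/33
not-an-ip
 192.168.0.1
EOF
}

# Fetch (if stale), validate, and atomically replace the live set.
refresh_blocklist() {
    cache="$CACHE_DIR/$(basename "$LIST_URL")"
    mkdir -p "$CACHE_DIR"
    if list_is_stale "$cache" "$MAX_AGE_SEC"; then
        # download to a side file so a failed fetch never clobbers the cache
        curl -fsSL -o "$cache.new" "$LIST_URL" && mv "$cache.new" "$cache"
    fi
    entries=$(mktemp)
    netset_entries "$cache" > "$entries"
    count=$(grep -c . "$entries" || true)
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        echo "only $count usable entries in $cache; keeping current set" >&2
        rm -f "$entries"
        return 1
    fi
    ipset_restore_script "$SET_NAME" "$entries" | ipset restore
    rm -f "$entries"
}

case "${1:-}" in
    run) refresh_blocklist ;;   # e.g. cron: */30 * * * * /usr/local/sbin/fh-refresh.sh run
esac
```

Run it as `fh-refresh.sh run` from cron at least as often as the most volatile list you deploy changes (Noah notes some change hourly, so MAX_AGE_SEC should not exceed 3600 for those); the swap/destroy pair is what keeps the DROP rule effective for the whole refresh, and the MIN_ENTRIES guard is what keeps an upstream outage from quietly turning the set into an allow-all.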