On Thursday 13 January 2022 at 11:41:48, Didier Kryn wrote:

> My experience/understanding of fail2ban is that it's intended
> against attackers "smart" enough to periodically change their address.

I don't care whether it's individual attackers who change their address, or multiple attackers each coming from one address; I use fail2ban to block anyone who's clearly trying to "get in" or at least abuse my services (email, SSH, SIP are the most common I see) by trying some credentials, failing, and then trying again and failing sufficient times in a short period that it can't be someone who's supposed to get in.

I have also (like Simon) written my own rule to scan the fail2ban log file itself, and add repeat offenders to a permanent block list, which also survives reboots.

The one feature I'd like to see on fail2ban is multi-server communication, so that if one of my machines has a reason to block an address, it tells all my others to block that address as well.

> For fixed addresses, custom iptables rules was the "simple" way to go. Now
> I guess it's custom nftables rules.

Where do you get the list of fixed addresses to block?

Antony.

-- 
The more 'success' you get, the easier it is to be disappointed by not getting things. The only difference is that now no-one feels sorry for you.

 - Matt Haig

Please reply to the list; please *don't* CC me.
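The repeat-offender scan described in the message above, as an added example (not Antony's rule and not fail2ban code): it reads ban notices in the format fail2ban writes to its log and lists addresses banned three or more times within a day. The sample log lines are constructed, and the nftables table and set names (`inet filter`, `blocklist4`, `blocklist6`) are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches fail2ban.log ban notices. "Restore Ban" (bans re-applied after a
# restart) and "Unban" lines deliberately do not match, so they are not counted.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s+"
    r"\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$"
)

def repeat_offenders(lines, threshold=3, window=timedelta(days=1),
                     ignore_jails=("recidive",)):
    """Return sorted addresses banned >= threshold times within any window."""
    bans = defaultdict(list)
    for line in lines:
        m = BAN_RE.match(line)
        if not m or m["jail"] in ignore_jails:  # skip our own long-term jail
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # never pass unparsed log text on to the firewall
        bans[ip].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    hits = []
    for ip, times in bans.items():
        times.sort()
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            hits.append(ip)
    return sorted(hits, key=lambda a: (a.version, a))

def nft_commands(addresses, table="inet filter"):
    """Render nft commands; the table and set names are hypothetical."""
    return [f"add element {table} blocklist{a.version} {{ {a} }}" for a in addresses]

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
2022-01-10 07:00:00,000 fail2ban.actions        [712]: NOTICE  [asterisk] Ban 2001:db8::5
2022-01-10 08:15:02,101 fail2ban.actions        [712]: NOTICE  [sshd] Ban 203.0.113.7
2022-01-10 09:40:11,532 fail2ban.actions        [712]: NOTICE  [sshd] Unban 203.0.113.7
2022-01-10 13:05:47,220 fail2ban.actions        [712]: NOTICE  [postfix-sasl] Ban 203.0.113.7
2022-01-10 13:06:00,004 fail2ban.actions        [712]: NOTICE  [sshd] Ban 198.51.100.23
2022-01-10 20:30:19,870 fail2ban.actions        [712]: NOTICE  [sshd] Ban 203.0.113.7
2022-01-11 02:00:05,000 fail2ban.actions        [712]: NOTICE  [sshd] Restore Ban 198.51.100.23
2022-01-11 09:00:00,000 fail2ban.actions        [712]: NOTICE  [asterisk] Ban 2001:db8::5
2022-01-12 11:00:00,000 fail2ban.actions        [712]: NOTICE  [asterisk] Ban 2001:db8::5
""".splitlines()
```

Writing the output of `nft_commands(repeat_offenders(SAMPLE_LOG))` to a file loaded with `nft -f` at boot is one way to make the list survive reboots, provided the two sets already exist in the ruleset.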