On Thu, 25 Mar 2021 at 19:45, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:
>
> How about a distributed setup?
>
> Has anyone thought of a way of getting IPs from various servers (say Linux
> & fail2ban) to the central OpenBSD (pf) firewall?

I send all my logs to a centralised syslog which runs fail2ban, and instead of using pf here, fail2ban injects BGP routes of "attackers" to my network. Then either an OpenBSD border firewall adds those prefixes to a pf table to drop the traffic from, or on a Linux out-of-AS host this installs a null route. With uRPF enabled, traffic gets dropped at ingress. This setup could scale a lot; BGP was made for distributing prefixes.
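
An added sketch of the step between fail2ban's ban list and the BGP speaker (not code from this thread or from the poster's setup): since the ban list is derived from log content, it announces only single-host routes outside a protected list and withdraws routes whose bans have expired. The protected ranges, discard next hops, sample addresses and the ExaBGP-style command text are assumptions; the post does not name the BGP speaker it uses.

```python
import ipaddress

# Assumptions, none of them from the post: the protected ranges, the discard
# next hops, and ExaBGP-style text commands as the route-injection format.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "203.0.113.0/24",                  # constructed: stands in for our own IPv4 space
    "::1/128", "fc00::/7", "fe80::/10",
    "2001:db8:1::/48",                 # constructed: stands in for our own IPv6 space
)]
NEXT_HOP = {4: "192.0.2.1", 6: "100::1"}   # constructed discard next hops
BLACKHOLE = "65535:666"                    # well-known BLACKHOLE community (RFC 7999)


def host_route(addr):
    """Return a /32 or /128 network for a banned address, or None to refuse it."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return None        # hostnames, CIDR blocks, log garbage: never announce
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped                # judge ::ffff:a.b.c.d as IPv4
    if ip.is_multicast or ip.is_unspecified:
        return None
    if any(ip in net for net in PROTECTED if net.version == ip.version):
        return None        # would blackhole our own or internal hosts
    return ipaddress.ip_network(str(ip))


def sync(banned, announced):
    """Diff the current ban list against announced routes.

    Returns (commands, new_state); new_state is passed back in as `announced`
    on the next run so that expired bans are withdrawn.
    """
    order = lambda r: (r.version, r)       # v4 and v6 networks do not compare directly
    wanted = {r for r in map(host_route, banned) if r is not None}
    cmds = [f"withdraw route {r} next-hop {NEXT_HOP[r.version]}"
            for r in sorted(announced - wanted, key=order)]
    cmds += [f"announce route {r} next-hop {NEXT_HOP[r.version]} community [{BLACKHOLE}]"
             for r in sorted(wanted - announced, key=order)]
    return cmds, wanted


if __name__ == "__main__":
    # Constructed ban list: one valid source, one in our own space, one malformed.
    for line in sync(["198.51.100.23", "203.0.113.10", "not-an-ip"], set())[0]:
        print(line)
```

On the receiving side, the border router would still filter these announcements so that only host routes carrying the blackhole community from the fail2ban peer are accepted.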