:: Re: [DNG] nftables firewall and fai…
Página Principal
Delete this message
Reply to this message
Autor: Antony Stone
Data:  
Para: dng
Assunto: Re: [DNG] nftables firewall and fail2ban replacement.
On Thursday 13 January 2022 at 11:41:48, Didier Kryn wrote:

>      My experience/understanding of fail2ban is that it's intended
> against attackers "smart" enough to periodically change their address.


I don't care whether it's individual attackers who change their address, or
multiple attackers each coming from one address; I use fail2ban to block
anyone who's clearly trying to "get in" or at least abuse my services (email,
SSH, SIP are th emost common I see) by trying some credentials, failing, and
then trying again and failing sufficient times in a short period that it can't
be someone who's supposed to get in.

I have also (like Simon) written my own rule to scan the fail2ban log file
itself, and add repeat offenders to a permanent block list, which also survives
reboots.

The one feature I'd like to see on fail2ban is multi-server communication, so
that if one of my machines has a reason to block an address, it tells all my
others to block that address as well.

> For fix addresses, custom iptables rules was the "simple" way to go. Now
> I guess it's custom nftables rules.


Where do you get the list of fixed address to block?


Antony.

--
The more 'success' you get, the easier it is to be disappointed by not getting
things.
The only difference is that now no-one feels sorry for you.

- Matt Haig

                                                   Please reply to the list;
                                                         please *don't* CC me.