Author: Simon
Date:
To: dng
Subject: Re: [DNG] nftables firewall and fail2ban replacement.
Antony Stone <Antony.Stone@???> wrote:
> The one feature I'd like to see on fail2ban is multi-server communication, so
> that if one of my machines has a reason to block an address, it tells all my
> others to block that address as well.
That’s also possible to “roll your own”. I was considering this at my last place, but never got round to doing it.
The only hard bit is messaging between machines, but my plan was to send a message to the outside router so it could block the address at the perimeter.
One thought I had was to use syslog to send certain messages to the router’s syslog so fail2ban could pick them up and apply rules.
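
An added example, not part of the original message: a sketch of the checks the receiving machine could apply to ban messages arriving over syslog before anything turns them into blocking rules. The message format, the `f2b-share` tag, the host names and the never-block networks are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed format: "<timestamp> <host> f2b-share: ban <address>".
# The tag and host names are assumptions for this example.
BAN_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\sf2b-share:\sban\s(?P<addr>\S+)$"
)
# The host field is written by the sender, so this is a sanity filter,
# not authentication of the machine that sent the message.
TRUSTED_SENDERS = {"web1", "mail1"}
# Networks that must never end up blocked, whatever a message says.
NEVER_BLOCK = [
    ipaddress.ip_network(n)
    for n in ("127.0.0.0/8", "192.168.0.0/16", "::1/128")
]


def address_to_block(line):
    """Return the address a shared-ban line asks to block, or None if rejected."""
    m = BAN_RE.match(line.strip())
    if m is None or m.group("host") not in TRUSTED_SENDERS:
        return None
    try:
        addr = ipaddress.ip_address(m.group("addr"))
    except ValueError:
        return None  # not a literal IPv4/IPv6 address
    if any(addr in net for net in NEVER_BLOCK):
        return None
    return addr


def collect_blocks(lines):
    """Accepted addresses in first-seen order, without duplicates."""
    blocked = []
    for line in lines:
        addr = address_to_block(line)
        if addr is not None and addr not in blocked:
            blocked.append(addr)
    return [str(a) for a in blocked]


# Constructed sample lines.
SAMPLE_LOG = [
    "Jan 12 10:15:01 web1 f2b-share: ban 203.0.113.7",
    "Jan 12 10:15:02 mail1 f2b-share: ban 203.0.113.7",
    "Jan 12 10:15:03 web1 f2b-share: ban 192.168.1.1",
    "Jan 12 10:15:04 unknown f2b-share: ban 198.51.100.9",
    "Jan 12 10:15:05 mail1 f2b-share: ban 203.0.113.7; reboot",
    "Jan 12 10:15:06 mail1 f2b-share: ban 2001:db8::5",
    "Jan 12 10:15:07 web1 f2b-share: ban 999.1.1.1",
]
```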