:: Re: [DNG] nftables firewall and fai…
Top Page
Delete this message
Reply to this message
Author: Simon
Date:  
To: dng
Subject: Re: [DNG] nftables firewall and fail2ban replacement.
Antony Stone <Antony.Stone@???> wrote:

> The one feature I'd like to see on fail2ban is multi-server communication, so
> that if one of my machines has a reason to block an address, it tells all my
> others to block that address as well.


That’s also possible to “roll your own”. I was considering this at my last place, but never got round to doing it.
The only hard bit is messaging between machines, but my plan was to send a message to the outside router so it could block the address at the perimeter.

One thought I had was to use syslog to send certain messages to the router’s syslog so fail2ban could pick them up and apply rules.

Simon