Re: [PLUG] Web Ass Pfirewall

Ron Nascimento via plug on 17 Mar 2021 13:34:43 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Web Ass Pfirewall

From: Ron Nascimento via plug <plug@lists.phillylinux.org>
To: Ron Mansolino <rmsolino@gmail.com>, Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Web Ass Pfirewall
Date: Wed, 17 Mar 2021 16:33:54 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:subject:from:to:date:in-reply-to:references:user-agent :mime-version; bh=lrUjHBML2zvp6RUbhPR3BgGlyBHZJicH4cUhOKd/WGU=; b=Olf7KB3DC4cygu4mXrdTbxdrzDyJPeXYoulSVDf4lWBimoOJ1nKIC+l82YG1Qidt+R uXX3WDX9POOqgAYr5c97uuROrN03KUi47KGt8BLeek+X9rH0zQVyPNqHMT/VmRbL9fK8 fe9RcRdyWUHxjRS8J93oIjdZn+n9lYxCuqoFHpF5KLYGqyPVl0nM/hfvzENN446Vh/OT aSSewXtAjUAfu+8oQ4nN7qL9IyABf3GReGW8vCNsb6QSrThPxgr/mlrUKqrfI/FR0ld4 5bDAL9y+Q5CWAvTYoBMA6ubCPtd0pScf78zFlOh4IYoWFeOcY1k9Xkt2yd5fams787WV +wRg==
Reply-to: Ron Nascimento <sgtnasty@gmail.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Evolution 3.38.1-1

Have you looked at fail2ban?

https://www.fail2ban.org

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs
that show the malicious signs -- too many password failures, seeking
for exploits, etc. Generally Fail2Ban is then used to update firewall
rules to reject the IP addresses for a specified amount of time,
although any arbitrary other action (e.g. sending an email) could also
be configured. Out of the box Fail2Ban comes with filters for various
services (apache, courier, ssh, etc).

On Wed, 2021-03-17 at 16:29 -0400, Ron Mansolino via plug wrote:
> I have a vps that I don't do too much with, essentially a dev server.
> 
> Because it sits out on the net it logs an unwieldy number of 
> intrusion attempts and nosey infogathering requests.
> 
> I've been manually filtering these with iptables, but that isn't
> scaling well (and it's impossible to block cloud services that
> continually allocate new netblocks). I'd like to block all of AWS,
> GCP, etc, but it's like playing whack-a-mole. I could use some
> suggestions for a WAF that I won't eventually have to pay for.
> 
> also, did the posting rules change here? I don't check here often,
> and things aren't working as I expect them to.
> _____________________________________________________________________
> ______
> Philadelphia Linux Users Group         --       
> http://www.phillylinux.org
> Announcements -
> http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --  
> http://lists.phillylinux.org/mailman/listinfo/plug

Attachment: signature.asc
Description: This is a digitally signed message part

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Web Ass Pfirewall
  - From: Chris Thistlethwaite via plug <plug@lists.phillylinux.org>

References:
- [PLUG] Web Ass Pfirewall
  - From: Ron Mansolino via plug <plug@lists.phillylinux.org>

Prev by Date: [PLUG] Web Ass Pfirewall
Next by Date: Re: [PLUG] Web Ass Pfirewall
Previous by thread: [PLUG] Web Ass Pfirewall
Next by thread: Re: [PLUG] Web Ass Pfirewall
Index(es):
- Date
- Thread