Michael Lazin via plug on 24 Mar 2021 13:50:51 -0700


Re: [PLUG] Web Ass Pfirewall

It can make some server load, but if you are going to use fail2ban, you can automatically report attacking IP addresses using this premade code on blocklist.de.


A friend of a friend runs this; I have used this before. It makes some server load, so keep it in mind.

Really, it is better to use SSH key pairs to avoid brute-force SSH attacks than to use fail2ban. Both Microsoft and Amazon force this by default with their hosting. It is a good solution, and relatively easy to set up. I have found GitHub has very good documentation on generating SSH key pairs.


Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.

On Wed, Mar 24, 2021 at 4:38 PM Fred Stluka via plug <plug@lists.phillylinux.org> wrote:

> Iptables is still pretty good for blocking / choking traffic.  You can
> automatically block bad actors / abusive IPs by using the various
> limit modules.  One of my favorite rules simply blocks SSH ingress
> based on packets per hour.  You exceed the limit, you get blocked for
> a certain amount of time.

Can you do that with iptables alone?  Or does it need something
like fail2ban to change the iptables rules dynamically?

> It works beautifully and is just one rule.

Care to post the rule?

Fred Stluka -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
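
Added example, not posted by anyone in the thread: one way a single-rule, per-source SSH rate limit of the kind discussed above can be written with iptables alone, using its hashlimit match. The port, the 10-per-hour rate, the burst size and the table name `ssh_limit` are assumed values, and the rule counts new connections rather than raw packets.

```shell
#!/bin/sh
# Added example, not from the thread. Prints one iptables rule that rate-limits
# new SSH connections per source IP with the hashlimit match (no fail2ban).
# Port, rate, burst and the table name "ssh_limit" are assumed values.

# $1 = SSH port, $2 = new connections allowed per hour, $3 = burst size
ssh_limit_rule() (
    port=$1 per_hour=$2 burst=$3
    # Accept only plain positive integers of at most 5 digits, so nothing
    # unexpected can end up inside the printed command line.
    for v in "$port" "$per_hour" "$burst"; do
        case $v in
            ''|*[!0-9]*|0*|??????*)
                echo "expected a positive integer, got '$v'" >&2; exit 1 ;;
        esac
    done
    if [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; exit 1
    fi
    # -m conntrack --ctstate NEW : count connection attempts, not packets of
    #                              sessions that are already established
    # --hashlimit-mode srcip     : one token bucket per source address
    # --hashlimit-above N/hour   : match (and DROP) only above this rate
    # --hashlimit-burst B        : attempts allowed before the limit bites
    # --hashlimit-htable-expire  : forget an idle source after 1 hour (in ms)
    printf '%s\n' "iptables -A INPUT -p tcp --dport $port \
-m conntrack --ctstate NEW \
-m hashlimit --hashlimit-name ssh_limit --hashlimit-mode srcip \
--hashlimit-above $per_hour/hour --hashlimit-burst $burst \
--hashlimit-htable-expire 3600000 -j DROP"
)

# Dry run: show the rule for port 22, 10 new connections per hour, burst of 10.
ssh_limit_rule 22 10 10
```

The script only prints the rule; review it and run it as root to apply it. Because `-A` appends, the rule has to sit ahead of any rule that accepts SSH traffic, otherwise it is never reached.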

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug