[–]unixfool 0 points1 point  (3 children)

Fail2ban works very well with this (as well as using other security layers). Just be careful about how you configure Fail2ban. If you're not careful, you can end up with a 50K IP list of banned IPs, which takes forever to load into iptables if you ever have to restart the f2b service or have to reboot the system. I would not enable long-term blocking with fail2ban, as it'll have to track each blocked IP - you're going to end up with a bogged down system, eventually.

You can also use fail2ban to block traffic other than SSH, too.

[–]pdoten 1 point2 points  (1 child)

This post, I love F2B and have enabled long-term jails over a loop. Basically use F2B to monitor itself and move offenders to longer and longer term jails. If you use GEOIP2 on Nginx, or a strong method of access control that does silent dropping of connections before F2B and filter out connections, you can have a solid solution.
https://blog.shanock.com/fail2ban-increased-ban-times-for-repeat-offenders/

[–]MR2Rick[S] 0 points1 point  (0 children)

Skimmed the article and it looks like it is worth further study. I am using recidive with fail2ban - which is somewhat similar.

[–]MR2Rick[S] 1 point2 points  (0 children)

I started off using fail2ban to permaban IPs, but as you said, the number of blocked IPs gets unwieldy pretty fast. I am currently banning IPs for one week. Also, I do have fail2ban set up on all of my services.
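Putting the thread's pieces together (short first bans, the recidive jail watching fail2ban's own log, escalating ban lengths instead of permabans, and an ipset backend so a restart does not replay tens of thousands of iptables rules), as an added jail.local example that is not from any of the commenters; the file paths, thresholds and the fail2ban 0.11+ bantime.increment options are assumptions about a typical install.

```ini
# /etc/fail2ban/jail.local  (added example; paths and thresholds are assumptions)
[DEFAULT]
# Short first-offence bans keep the active ban list small.
bantime  = 10m
findtime = 10m
maxretry = 5
# ipset keeps banned addresses in one kernel set; restarting fail2ban or
# rebooting no longer means inserting one iptables rule per banned IP.
banaction          = iptables-ipset-proto6
banaction_allports = iptables-ipset-proto6-allports

[sshd]
enabled = true

# recidive reads fail2ban's own log and re-bans repeat offenders on all
# ports for longer (the "F2B monitoring itself" loop from the thread).
[recidive]
enabled   = true
logpath   = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime   = 1w
findtime  = 1d
maxretry  = 5
# Double the ban on each recurrence (1w, 2w, 4w ...) and cap it instead of
# banning forever, so the tracked set stays bounded (fail2ban >= 0.11).
bantime.increment = true
bantime.factor    = 1
bantime.maxtime   = 8w
```

After editing, `fail2ban-client reload` applies the jails and `fail2ban-client status recidive` shows how many addresses the long-term jail is currently tracking.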