> 2. In addition to fail2ban you can download a blocklist, and use that as
> well. I found this public blocklist with a script on how to
> automatically block the IPs on the list.
>
> [2]https://gist.github.com/klepsydra/ecf975984b32b1c8291a

+1 to using blocklists. I have been using firehol blocklists in a few places for some time and been quite happy.

https://github.com/firehol

They aggregate IP lists from a number of different sources and make them available in a standard format for easy consumption. You can pick and choose exactly which blocklists to deploy based on whatever criteria you come up with.

You can choose to use firehol itself as your firewall framework, or not. I built a custom system that manages my firewall, so I can't speak to how well it works.

If you do deploy a blocklist, make sure you are keeping its content up-to-date so you don't end up miscategorizing incoming traffic. Some of the blocklists are pretty stable and don't change much, but others change hourly.

noah
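
An added example, not part of the message above and not FireHOL's own code: one way to act on the advice about keeping a list current is to refuse to load a copy older than its update interval, validate each entry, and emit an `ipset restore` script that swaps the new set in atomically. The set name `blocklist`, the `fetched_at` timestamp and the maximum age are assumptions, and the sample list is constructed.

```python
import ipaddress
import time

# Constructed sample, one IP or CIDR per line with '#' comments.
SAMPLE_NETSET = """\
# constructed sample list, not real data
192.0.2.0/24
198.51.100.7
203.0.113.0/25
not-an-address
192.0.2.128/25
"""

def parse_netset(text):
    """Return (collapsed IPv4 networks, rejected raw lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(raw)  # never pass unvalidated text to the firewall
    v4 = [n for n in nets if n.version == 4]
    # collapse_addresses merges overlapping and adjacent ranges, sorted
    return list(ipaddress.collapse_addresses(v4)), rejected

def is_stale(fetched_at, max_age_seconds, now=None):
    """True when the local copy is older than the list's update interval."""
    now = time.time() if now is None else now
    return (now - fetched_at) > max_age_seconds

def ipset_restore_script(set_name, networks):
    """Fill a temporary set, then swap it in so the live set is never empty."""
    tmp = set_name + "-tmp"
    lines = [f"create {set_name} hash:net family inet",
             f"create {tmp} hash:net family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in networks]
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

def refresh(text, fetched_at, max_age_seconds, set_name="blocklist", now=None):
    """Return (restore script, rejected lines) or raise without changes."""
    if is_stale(fetched_at, max_age_seconds, now):
        raise RuntimeError("blocklist copy is older than its update interval")
    networks, rejected = parse_netset(text)
    if not networks:
        raise RuntimeError("no valid entries; keeping the current set")
    return ipset_restore_script(set_name, networks), rejected
```

The returned script is meant to be piped to `ipset -exist restore`, so the `create` lines do not fail when the sets already exist.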

