On 11/10/19 8:55 AM, Gene Heskett wrote:

> Thats an approximate idea of my understanding how it works, but to 
> gradually transit from manual reading of the logs and applying iptable 
> rules to block the miscreants, the first step would seem to indicate 
> training fail2ban to read the same log file I am. 

Have you looked at Logwatch?

It'll tell you, every morning, the things iptables (and maybe fail2ban)
bounced, the IP, the protocol, the number of hits, and the port. From
that info, and whois on the IP, I can block, in iptables or the router,
entire naughty nets hitting my server (most nets I block are massive
jerks or outside this country).

Glenn English

Reply via email to