Doing more research, it seems that https://github.com/crowdsecurity is the ultimate fail2ban replacement that can handle buckets by "user" as well as IP (and more...). I think I'm going to give it a try.
Steve

October 6, 2021 9:30 PM, "Kenneth Porter" <sh...@sewingwitch.com> wrote:

> On 10/6/2021 2:12 PM, Jan Hauge via Fail2ban-users wrote:
>
>> 1: Dynamic blocking old legacy IP ranges that are being abused by
>> spammers/hackers. Check out:
>>
>> http://www.theunsupported.com/2012/07/block-malicious-ip-addresses
>> http://www.cyberciti.biz/tips/block-spamming-scanning-with-iptables.html
>>
>> I made my own modification for the scripts to work with nftables.
>> Look up IP-deny.com. It will enable you to implement a rule to perform
>> geo-blocking.
>
> The first link appears to have been domain-squatted and I can't find an old
> snapshot at the Wayback Machine.
>
> Try https://www.spamhaus.org/drop to learn more about the second service. See
> the FAQ for the DROP service for how frequently to download the different
> lists. (Daily should be fine.)
>
> For those running RHEL/CentOS 7, I suggest using ipset instead of iptables.
> It's not hard to write a script that repackages a text file of CIDR into XML
> to feed into firewalld for management. ipset should be much more efficient
> and won't disrupt your firewall when you reload the set.
>
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
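The script suggested in the quoted reply, one that repackages a text file of CIDRs into XML for firewalld, could look like the following. This is an added example, not code from the thread; the sample list is constructed, and the function names, the `drop-list` set name and the `min_prefix` guard are assumptions.

```python
import ipaddress
from xml.sax.saxutils import escape

# Constructed sample in a "CIDR ; comment" layout. The ranges are
# documentation prefixes and the labels are placeholders, not list data.
SAMPLE = """\
; constructed sample
192.0.2.0/24 ; PLACEHOLDER-1
198.51.100.0/25 ; PLACEHOLDER-2
198.51.100.128/25 ; PLACEHOLDER-3
203.0.113.7/24 ; host bits set
not-a-cidr
0.0.0.0/0 ; far too broad
"""


def parse_cidrs(text, min_prefix=8):
    """Return (networks, rejected) from a text file of IPv4 CIDRs.

    min_prefix is an assumed safety limit: anything broader is refused so a
    corrupted download cannot turn into a near-global block.
    """
    nets, rejected = [], []
    for raw in text.splitlines():
        # Drop trailing ";" or "#" comments, then surrounding whitespace.
        entry = raw.split(";", 1)[0].split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:  # malformed text or host bits set
            rejected.append(entry)
            continue
        (rejected if net.prefixlen < min_prefix else nets).append(
            entry if net.prefixlen < min_prefix else net)
    # Merge adjacent and overlapping ranges to keep the set small.
    return list(ipaddress.collapse_addresses(nets)), rejected


def to_firewalld_ipset(nets, short="drop-list"):
    """Render the networks as a firewalld hash:net ipset definition."""
    lines = ['<?xml version="1.0" encoding="utf-8"?>',
             '<ipset type="hash:net">',
             f"  <short>{escape(short)}</short>",
             '  <option name="family" value="inet"/>']
    lines += [f"  <entry>{net}</entry>" for net in nets]
    return "\n".join(lines + ["</ipset>"]) + "\n"


if __name__ == "__main__":
    networks, bad = parse_cidrs(SAMPLE)
    print(to_firewalld_ipset(networks), end="")
    print("rejected:", bad)
```

firewalld reads permanent ipset definitions from `/etc/firewalld/ipsets/<name>.xml`. Writing the output to a temporary file and renaming it into place keeps a failed download from leaving a half-written set.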