Hello, I’m wondering if Fail2ban is able to read the IPs to ban from a BGP feed or a routing table?

The idea would be to centralise the logs, parse them and then send the route for the IPs via BGP (this part seems to be easily doable with Fail2ban). But then, on each edge router, I would like to read this BGP feed (or a specific routing table) and then inject it into the firewall. I tried to look for this mechanism in netfilter directly, but it doesn’t seem to be there (something à la flowspec).

Another idea would be to have an ExaBGP daemon on each edge router, make it write the actions that Fail2ban has to take to a file, and write a specific jail to read the file and add/del the IPs on the firewall.

I’m not an experienced Fail2ban user so I’m asking for some advice here: does it look crazy? Do you have a better idea? Etc. The idea is to block malicious IPs on the whole network instead of on each server. I’m not looking for blocking of specific ports/protocols; if an IP is too noisy I want to block it entirely.

Thanks,
-- 
Alarig

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
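As an added example (not part of the original post or of Fail2ban/ExaBGP), one way to implement the edge-router side of the second idea, reading the file that an ExaBGP hook writes and turning it into firewall changes. It assumes a constructed feed format ("announce <prefix>" / "withdraw <prefix>", one per line) and hypothetical nftables table and set names; it accepts host routes only, so a wider prefix arriving on the feed cannot blackhole a whole range, and it applies the changes as one atomic nft transaction.

```python
"""Translate a BGP-derived ban feed into nftables set updates (added example).
Assumed feed format (constructed): one "announce <prefix>" or "withdraw <prefix>"
per line, as an ExaBGP-side hook might write it; nft names below are hypothetical."""
import ipaddress
import subprocess

TABLE = "inet filter"                  # hypothetical nft table
SET_V4, SET_V6 = "banned4", "banned6"  # hypothetical sets of type ipv4_addr / ipv6_addr


def parse_feed(text):
    """Yield (action, network) for well-formed lines; skip anything else."""
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) != 2 or parts[0] not in ("announce", "withdraw"):
            continue
        try:
            net = ipaddress.ip_network(parts[1], strict=True)
        except ValueError:
            continue
        # Only host routes are accepted: a feed carrying a wider prefix
        # (by mistake or by tampering) must not blackhole a whole range.
        if net.prefixlen != net.max_prefixlen:
            continue
        yield parts[0], net


def feed_to_nft(text, banned=None):
    """Return (nft commands, updated set of banned hosts). Idempotent:
    duplicate announces and withdrawals of unknown hosts emit nothing."""
    banned = set(banned or ())
    cmds = []
    for action, net in parse_feed(text):
        host = str(net.network_address)
        name = SET_V4 if net.version == 4 else SET_V6
        if action == "announce" and host not in banned:
            banned.add(host)
            cmds.append(f"add element {TABLE} {name} {{ {host} }}")
        elif action == "withdraw" and host in banned:
            banned.discard(host)
            cmds.append(f"delete element {TABLE} {name} {{ {host} }}")
    return cmds, banned


def apply_nft(cmds):
    """Apply the commands as one atomic nft transaction (needs root)."""
    if cmds:
        subprocess.run(["nft", "-f", "-"], input="\n".join(cmds) + "\n",
                       text=True, check=True)
```

A wrapper that calls `feed_to_nft` on the file contents and keeps the returned `banned` set between runs gives the "specific jail" behaviour described above without re-adding elements nft already has.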