My question is thus, is there a way to optimize
or clean up the bans so it's based on
wildcards or subnets instead? Or should I not
worry about this as iptables is not affected
performance-wise by +1000 banned IPs?
There is a great project that works in harmony
with Fail2Ban that does this called Login-Shield.
See: https://github.com/dpsystems/login-shield
This is a subnet based blacklist that's regularly
updated, and I've found it blocks 99% of most attacks.
It significantly reduces the stress on F2B's need
to block individual IP addresses. By default it
blocks a lot of the rogue IP space in places like
China, Russia, Korea and areas from which there
shouldn't be anybody trying to log into your server.
There's also a version for protecting web servers
from malicious probes called
Web-shield: https://github.com/dpsystems/web-shield
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
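One way to do the subnet consolidation the question asks about, as an added Python example that is not from this thread or from Login-Shield: individually banned addresses are grouped by /24 and any block holding enough banned hosts becomes a single subnet entry. The sample addresses and the chain name f2b-sshd are assumptions.

```python
"""Collapse individually banned IPv4 addresses into subnet bans.

Added example, not part of the Fail2ban thread or Login-Shield. Given the
addresses Fail2ban has banned one by one, group them by /prefix_len and
replace any block with at least `threshold` distinct banned hosts by a
single subnet entry; the rest stay as /32 entries.
"""
import ipaddress
from collections import defaultdict

# Constructed sample of banned addresses (RFC 5737 documentation ranges).
BANNED = [
    "203.0.113.5", "203.0.113.17", "203.0.113.200",  # three hits in one /24
    "198.51.100.9",                                  # lone host, stays /32
    "192.0.2.1", "192.0.2.2",                        # two hits, under threshold
    "203.0.113.17",                                  # duplicate, not double-counted
]


def aggregate_bans(ips, prefix_len=24, threshold=3):
    """Return sorted network strings covering every banned address."""
    by_block = defaultdict(set)
    for ip in ips:
        block = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        by_block[block].add(ipaddress.ip_address(ip))

    result = []
    for block, hosts in by_block.items():
        if len(hosts) >= threshold:
            result.append(block)            # ban the whole subnet
        else:
            result.extend(ipaddress.ip_network(str(h)) for h in hosts)
    # collapse_addresses merges adjacent networks and drops ones already covered.
    return [str(n) for n in sorted(ipaddress.collapse_addresses(result))]


def iptables_rules(networks, chain="f2b-sshd"):
    """Render the aggregated list as DROP rules for a Fail2ban chain.

    The chain name is an assumption; Fail2ban names chains f2b-<jail> by default.
    """
    return [f"iptables -I {chain} -s {net} -j DROP" for net in networks]


if __name__ == "__main__":
    print("\n".join(iptables_rules(aggregate_bans(BANNED))))
```

Lowering `threshold` trades precision for fewer rules; with the sample above, threshold=2 also folds 192.0.2.0/24 into one entry.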