I have been using the mail module and recently started using fail2ban. I was interested in a feature to permanently ban repeat offenders.
Recently i noticed that i have been getting frequent repetitive attacks from one particular IP Address. In order to block these i currently create a firewall group and block all traffic from this group. I then create a host for each offending IP and add it to that group.
It would be preferable to have an option to set jails to automatically drop/block any connections from offending IPs after a preset number of tries. It would also be nice to be able to manually add/remove IP from this list.
I must admit that i am not well versed with terminal commands and tend to prefer gui to get things done when i can.
I Like the idea at the link you showed [quote=“giacomo, post:2, topic:9045”]
[/quote]
Basically i am doing shorewall to block the sites, but it is tedious and i need to manually enter these, for example last night i had three distinct IP addresses attack nonstop (well as soon as the timeout expired) i didn’t see it till this morning, which is when i added them to a firewall DROP group i created, but i must do this one ip at a time and add a name, which gets tedious when i have a few of them.
Would be great if Fail2Ban would automatically add these users to permanent Jail after x consecutive jails.
I would also recommend that Fail2Ban be included in the Nethserver Software Center, I only came up on it by chance after i ran into a tutorial from @stephdl which lead me to start browsing his repository. It should be an integral part of Nethserver Security that everyone should have.
I had to go do some reading I didn’t look into recidive until you mentioned it, and after checking my logs i saw that some IPs are being banned with recidive.
I still however believe that it is too complicated for novices like myself to fiddle with these settings via commands as opposed to a basic gui for each jail allowing easy configuration of the settings. Especially on my production server. My end-users are like wolves, they will eat me alive if any service fails
I didn’t look into recidive until you mentioned it, and after checking my logs i saw that some IPs are being banned with recidive.