fev 092021


Install and configure Fail2Ban to block attacking hosts using a null route or blackhole routes.

– Works on all kernel versions and as no compatibility problems (back to debian lenny and WAY further).
– It’s FAST for very large numbers of blocked ips.
– It’s FAST because it Blocks traffic before it enters common iptables chains used for filtering.
– It’s per host, ideal as action against ssh password bruteforcing to block further attack attempts.
– No additional software required beside iproute/iproute2
– Blocking is per IP and NOT per service, but ideal as action against bruteforcing hosts.

Continue reading »