Overview
Install and configure Fail2Ban to block attacking hosts using a null route or blackhole routes.
- PRO:
  - Works on all kernel versions and has no compatibility problems (back to Debian Lenny and WAY further).
  - It's FAST for very large numbers of blocked IPs.
  - It's FAST because it blocks traffic before it enters common iptables chains used for filtering.
  - It's per host, ideal as an action against SSH password brute-forcing to block further attack attempts.
  - No additional software required besides iproute/iproute2.
- CON:
  - Blocking is per IP and NOT per service, but ideal as an action against brute-forcing hosts.
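A minimal way to wire this up, shown as an added example that is not taken from the original page. The action name `blackhole`, its file path, and the choice of the `sshd` jail are assumptions made for illustration.

```ini
# --- /etc/fail2ban/action.d/blackhole.conf (hypothetical file name) ---
[Definition]
# Nothing to prepare or tear down: bans live in the kernel routing table.
actionstart =
actionstop  =
actioncheck =
# Ban: add a blackhole (null) route for the offending host.
actionban   = ip route add blackhole <ip>
# Unban: remove that route again when the ban time expires.
actionunban = ip route del blackhole <ip>

# --- /etc/fail2ban/jail.local ---
[sshd]
enabled   = true
# Use the route-based action above instead of the iptables default.
# Because the route is per host, the ban covers every service, not only SSH.
banaction = blackhole
```

After reloading Fail2Ban, `ip route show type blackhole` lists the currently null-routed hosts.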