Fail2ban ipset choice #3152
I have a WordPress site on Ubuntu 20.04 and Nginx that gets hit by a large number of IP addresses. I use iptables-allports, but it's pretty slow and has CPU overhead. I have read that ipsets are faster than iptables and want to use ipset to ban offending IP addresses. There are at least 3 ipset action conf files: Also, I came across this repo: fail2ban-ipset, any idea about this?
Replies: 1 comment
See https://serverfault.com/a/1082704/488604
I don't like the idea for several reasons, most of them described in #2909 and others.
Preventive banning, whether in fail2ban or outside it, or a ban of large lists of recidive IPs for a long time (or, still worse, permanently) is not recommended at all; see #2925 (comment) for more info.
Also note that since v.0.11 fail2ban has a new feature, bantime.increment, which could be used instead. The bottom line is that neither a recidive jail nor persistent banning are expected if you use bantime increment - both are o…
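For readers who want to try the bantime.increment approach the reply recommends, here is a jail.local fragment as an added example; it is not from the discussion above and not the fail2ban project's own sample config. The jail name, log path and the specific times are assumptions chosen for an Nginx host like the one in the question; the option names are the documented bantime.* settings introduced in fail2ban 0.11.

```ini
# /etc/fail2ban/jail.local (added example, not from the discussion)
[DEFAULT]
# Starting ban of 10 minutes; with bantime.increment each repeat ban of the
# same IP grows geometrically (10m, 20m, 40m, ...) instead of needing a
# separate recidive jail or a permanent ban list.
bantime  = 10m
findtime = 10m
maxretry = 5

bantime.increment = true
# Multiply the computed time by this factor (1 = plain doubling per ban).
bantime.factor    = 1
# Cap the growth so a one-off misconfigured client is never banned forever.
bantime.maxtime   = 1w
# Random jitter on the ban length so clients cannot predict exactly when
# the ban lifts and time their retries.
bantime.rndtime   = 5m
# Count a host's earlier bans from every jail, not only the current one.
bantime.overalljails = true

# Questioner's existing action; kept here, since the reply argues the
# speed-up should come from shorter, growing bans rather than a large
# long-lived set of IPs.
banaction = iptables-allports

[nginx-http-auth]
# Assumed jail/log path for illustration; adjust to the real log.
enabled = true
logpath = /var/log/nginx/error.log
```

After editing, run `fail2ban-client reload` and confirm the effective values with `fail2ban-client get nginx-http-auth bantime.increment`; `fail2ban-client status nginx-http-auth` then shows the current ban count, which should stay small as repeat offenders are kept out for progressively longer periods.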