New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Netfilter: recidive #3950
Comments
I like the idea too. I thought about not using netfilter-mailcow for bans anymore but making it the task of the attacked application. I need to check how that could work in this case. |
Great idea, the main thing is that it is made more difficult for attackers, with mail servers, the noise is always more violent than with web servers, so automated bots that last brute force or similar should also be banned longer. By the above image I have in any case currently found for me a solution so that I block attackers access for a week. I'm sure you find a solution :) |
If you ban /24 for ipv4, you better ban /48 for ipv6 :) but to say I never had ipv6 brute force yet at all. |
I'd like something like this too, there appears to be whole net blocks that are being used to try to brute force mailboxes, for example I had these notifications today:
What I have been doing every few days is limiting my MUA display to just the IP ban emails, I copy all the It would be awesome if something could be automated around this. |
Your application is to much, and iptables get to big after some time if not used ipset, so recidive or something similar is the best way to manage 😊 |
I did have bans set for |
Hello, i have ipset blocklists on the host machine, but docker is working around it. what could be the right and most efficient way to implement a good blocking list/process ? |
This would be nice, should be extremely easy atleast if using Fail2ban instead of Netfilter |
As data hosted in regis it not hard to extend ban with additional data like expired boolean and repeat ban counter, time of ban expiration in epoch format by UTC, extend key expiration to time equal of time of forgetting the host and this way:
|
sorry, accidentally closed :\ |
Hello,
It would be good if repeat offenders could get a definable longer ban.
So this would no longer burden the system.
This givess eg at Fail2ban and should also be implemented here.
If an IP is banned X times, a new ban should last much longer.
Thanks in advance.
The text was updated successfully, but these errors were encountered: