I wonder whether I could have fail2ban watch it’s own log such that anybody that got banned three times for 10min each (the default) would get banned for an 1h or more?


That is certainly possible! And it should be quite easy to write that rule :)

@kensanata that’s not a bad idea. I used to have rolling 30 day reports generated every week and then manually add firewall rules to block any repeat offenders.

It reminds me of the one time we had a ton of dodgy requests coming from thousands of Chinese addresses so we simply added the entire countries address block to the firewall.

@carbontwelve Yeah, I’ve added whole blocks owned by Chinese ISPs in the past. 🤨
Perhaps I have to start looking for a better report on the fail2ban log file.

Sign in to participate in the conversation

Octodon is a nice general purpose instance. more