Hello,
When I am looking to make dynamic firewall rules that are based on what the host is actually receiving, I generally don't go any further than fail2ban. From their main page:
"Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc)."
One of the best features is that it allows you to set the ban time for the IPs that it bans so nothing need be permanent. Set it for any value that makes sense to you, maybe between 8-24 hours.
Main page: https://www.fail2ban.org/wiki/index.php/Main_Page
Docs: https://www.fail2ban.org/wiki/index.php/MANUAL_0_8
Best,
Craig
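The scan-and-ban mechanism described in the answer above, as an added example that is not part of the original answer and not Fail2Ban's own code: it replays log lines, bans an IP after repeated failures, and lifts the ban once the ban time has elapsed. The parameters are named after Fail2Ban's `maxretry`, `findtime` and `bantime` jail options; the log format, the `scan` function and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (simplified ISO timestamps, documentation-range IPs).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2024-05-01T10:00:05 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2024-05-01T10:00:07 sshd[815]: Accepted password for alice from 198.51.100.20 port 5021 ssh2
2024-05-01T10:00:09 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
2024-05-01T10:02:00 sshd[820]: Failed password for invalid user test from 198.51.100.20 port 5022 ssh2
2024-05-01T10:30:00 sshd[833]: Failed password for alice from 198.51.100.20 port 5030 ssh2
2024-05-01T18:00:10 sshd[901]: Failed password for root from 203.0.113.7 port 41000 ssh2
"""

FAIL_RE = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port")

def scan(lines, maxretry=3, findtime=600, bantime=8 * 3600):
    """Replay log lines; return (action, ip, time) events. Durations in seconds."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> datetime at which the ban expires
    events = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue                # not an authentication failure
        now, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        # Lift bans whose bantime has elapsed, so nothing is permanent.
        for b_ip, until in sorted(banned_until.items()):
            if until <= now:
                events.append(("unban", b_ip, until))
                del banned_until[b_ip]
        if ip in banned_until:
            continue                # already blocked at the firewall
        window = failures[ip]
        window.append(now)
        # Only failures inside the findtime window count toward maxretry.
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = now + timedelta(seconds=bantime)
            events.append(("ban", ip, now))
            window.clear()
    return events

if __name__ == "__main__":
    for action, ip, when in scan(SAMPLE_LOG.splitlines()):
        print(when.isoformat(), action, ip)
```

With the 8-hour default, 203.0.113.7 is banned after its third failure and released eight hours later, while 198.51.100.20 is never banned because its two failures fall outside one `findtime` window.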