>>I still rely on F2B but found this is a good complement. Like others here, I got tired of seeing repeat offenders. And the recidive function is nice, but it's still way more granular and resource hogging than it should be. With the ability, for example, to stop an entire class A or B block of space with a single firewall command, that's really resource efficient.>>>
There is a working option at https://github.com/fail2ban/fail2ban/issues/927 but only for iptables, no ipset nor firewalld compatibility.

>>>I'm also seeing botnets get much more sophisticated. I'm seeing them learn the bantimes and maxtries variables and working around them automatically. I'm seeing them execute coordinated attacks from a diverse array of IPs that go uncaught by F2B.

>> Check out these relatively new options mentioned here <https://visei.com/2020/05/incremental-banning-with-fail2ban/>:

bantime.increment = true
bantime.factor = 1
bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor

You'll see logs like this:

2020-07-09 07:37:23,985 fail2ban.observer [4120416]: INFO [apache-fakegooglebot] IP 94.23.37.191 is bad: 4 # last 2020-07-08 11:24:25 - incr 1:00:00 to 16:00:33
2020-07-09 07:37:23,985 fail2ban.observer [4120416]: NOTICE [apache-fakegooglebot] Increase Ban 94.23.37.191 (5 # 16:00:33 -> 2020-07-09 23:37:56)
2020-07-09 07:37:23,991 fail2ban.filter [4120416]: INFO [recidive] Found 94.23.37.191 - 2020-07-09 07:37:23
2020-07-09 07:37:23,995 fail2ban.observer
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
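An added example, not part of the original message or of fail2ban's code: it evaluates the bantime.formula quoted above and compares the result with the ban time the observer logged in the first sample line. The function names are hypothetical, and it assumes the count in "is bad: N" is the value used as ban.Count.

```python
import re

MAX_SHIFT = 20  # the quoted formula stops doubling once ban.Count reaches 20


def next_bantime(base_seconds, ban_count, factor=1):
    """ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor"""
    return base_seconds * (1 << min(ban_count, MAX_SHIFT)) * factor


# Matches the observer's "IP ... is bad" line as it appears in the message.
OBSERVER_RE = re.compile(
    r"\[(?P<jail>[^\]]+)\] IP (?P<ip>\S+) is bad: (?P<count>\d+) # last .*?"
    r" - incr (?P<base>.+?) to (?P<new>.+)$"
)


def to_seconds(text):
    """Parse 'H:MM:SS' or 'N day(s), H:MM:SS' into seconds."""
    days = 0
    if "," in text:
        day_part, text = text.split(",", 1)
        days = int(day_part.split()[0])
    hours, minutes, seconds = (int(x) for x in text.strip().split(":"))
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def check_line(line):
    """Return (jail, ip, count, logged_seconds, formula_seconds) or None."""
    m = OBSERVER_RE.search(line)
    if not m:
        return None
    count = int(m["count"])
    base = to_seconds(m["base"])
    return (m["jail"], m["ip"], count,
            to_seconds(m["new"]), next_bantime(base, count))


# First log line from the message above, with the wrap whitespace repaired.
SAMPLE = ("2020-07-09 07:37:23,985 fail2ban.observer [4120416]: INFO "
          "[apache-fakegooglebot] IP 94.23.37.191 is bad: 4 # last "
          "2020-07-08 11:24:25 - incr 1:00:00 to 16:00:33")

if __name__ == "__main__":
    for n in (1, 4, 10, 20, 25):
        print(f"ban.Count={n:2d} -> {next_bantime(3600, n)} s")
    print(check_line(SAMPLE))
```

For the sample line the formula gives 57600 s (16:00:00) against the logged 16:00:33; the formula as quoted does not account for the extra 33 seconds.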
