Fail2ban rules creation?

Started by curto, March 10, 2021, 12:38:09 AM

Hey Guys,

We have a number of OPNsense boxes out on the Internet now and behind those - mail servers and web servers/services.

We see a lot of activity with ANY exposed services on these systems with hackers trying to brute force their way in.

We have implemented fail2ban etc. on some of these systems, but it would seem to me to be a more logical/powerful solution if OPNsense was able to be integrated with these systems in some fashion.

E.g. when the threshold limit was reached on a machine with an exposed service, fail2ban would notify OPNsense and OPNsense would automatically create a rule blocking that source IP from ALL systems behind OPNsense.

Has anyone looked at this?
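One way the integration asked about above could be wired up, as an added example that is not part of the original post: a script run by fail2ban on ban/unban that validates the address and pushes it into a firewall alias through OPNsense's `alias_util` API, with a single block rule referencing that alias. The host name, alias name, never-ban ranges and environment variable names are assumptions made for illustration.

```python
import base64
import ipaddress
import json
import os
import sys
import urllib.request

# Assumptions, not from the post: firewall host, alias name, never-ban ranges.
FIREWALL_URL = "https://fw.example.invalid"   # placeholder host
ALIAS = "fail2ban_blocklist"                  # hypothetical alias used by one block rule
NEVER_BAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]

def validate_ban_ip(raw):
    """Return a normalised address, or None if it must not reach the firewall."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None  # hostname, CIDR or junk taken from a log line
    if ip.is_loopback or ip.is_unspecified or ip.is_multicast or ip.is_link_local:
        return None
    if any(ip in net for net in NEVER_BAN):
        return None  # never lock out management or monitoring hosts
    return str(ip)

def build_request(ip, action, key, secret):
    """Build the alias_util call: "add" on ban, "delete" on unban."""
    if action not in ("add", "delete"):
        raise ValueError("action must be 'add' or 'delete'")
    # OPNsense API auth is HTTP basic auth with the API key and secret.
    token = base64.b64encode(f"{key}:{secret}".encode()).decode()
    return urllib.request.Request(
        f"{FIREWALL_URL}/api/firewall/alias_util/{action}/{ALIAS}",
        data=json.dumps({"address": ip}).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"},
        method="POST",
    )

def main(argv):
    # Invoked as: <script> add|delete <ip>; credentials come from the
    # environment (hypothetical variable names).
    ip = validate_ban_ip(argv[2]) if len(argv) == 3 else None
    if ip is None:
        return 1
    req = build_request(ip, argv[1], os.environ["FW_API_KEY"], os.environ["FW_API_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return 0 if resp.status == 200 else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a fail2ban action definition this would be called as `actionban = <script> add <ip>` and `actionunban = <script> delete <ip>`. The API key should belong to a user restricted to alias changes, since every protected server would hold a copy.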
