I want to suggest that the official launch a function like Fail2ban.

Started by wuwzy, November 14, 2022, 04:15:27 AM

I would like to suggest that the official launch of a function: similar to the function of Fail2ban, or cooperate with it. Realized function: When the set number of wrong attempts is exceeded, the IP will be added into a list, and it will be blocked, or the connection will be prohibited for a set period of time. I don't know if such a function is expected by everyone.
The problem now is that some junk IPs are constantly scanning and trying. Every day, every hour, it is really disgusting to see. Even if you add a blacklist to the firewall and add major blacklists to Intrusion Detection and Prevention, in Maltrail some IPs are constantly doing nasty things.
Not sure if I made my point. Please understand.
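
The threshold-and-timed-ban behaviour requested in the post above, sketched as an added example that is not part of the original thread and is not code from OPNsense, Fail2ban or CrowdSec. The log format, the `BanTracker` class and the parameter names `max_retry`, `find_time` and `ban_time` (modelled on Fail2ban's `maxretry`, `findtime` and `bantime` options) are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
2022-11-14T04:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2022-11-14T04:00:09 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
2022-11-14T04:00:15 sshd[812]: Failed password for alice from 198.51.100.23 port 51544 ssh2
2022-11-14T04:00:21 sshd[811]: Failed password for root from 203.0.113.7 port 40131 ssh2
2022-11-14T04:00:30 sshd[812]: Accepted password for alice from 198.51.100.23 port 51544 ssh2
2022-11-14T04:20:00 sshd[813]: Failed password for root from 203.0.113.7 port 40200 ssh2
2022-11-14T04:20:05 sshd[814]: Failed password for bob from 192.0.2.50 port 33000 ssh2
"""

FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) ")

class BanTracker:
    """Hypothetical helper: ban an IP after max_retry failures within find_time."""
    def __init__(self, max_retry=3, find_time=600, ban_time=3600):
        self.max_retry = max_retry
        self.find_time = timedelta(seconds=find_time)  # sliding window length
        self.ban_time = timedelta(seconds=ban_time)    # how long a ban lasts
        self.failures = defaultdict(deque)             # ip -> recent failure times
        self.banned_until = {}                         # ip -> ban expiry

    def feed(self, line):
        """Process one log line; return (ip, expiry) if it triggers a new ban."""
        m = FAILED.match(line)
        if not m:
            return None                                # not a failed login
        now, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if now < self.banned_until.get(ip, datetime.min):
            return None                                # ban still active
        window = self.failures[ip]
        window.append(now)
        while now - window[0] > self.find_time:        # drop failures outside window
            window.popleft()
        if len(window) >= self.max_retry:
            window.clear()                             # start fresh after the ban
            self.banned_until[ip] = now + self.ban_time
            return ip, self.banned_until[ip]
        return None

def run(log_text, **settings):
    tracker = BanTracker(**settings)
    return [ban for ban in map(tracker.feed, log_text.splitlines()) if ban]
```

With the defaults, `run(SAMPLE_LOG)` bans only 203.0.113.7; the address that fails once and then logs in successfully never reaches the threshold. In a real deployment the returned IP and expiry would be handed to the firewall's block list rather than kept in memory.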

Have you tried CrowdSec? It can do what Fail2ban can and more.
There's a CrowdSec plugin, though I haven't tried it yet in OPNsense. It works great on my Linux server though.

Suricata can do what you need. It just doesn't have the attempts counter but bans them instantly.

Quote from: zan on November 14, 2022, 06:18:26 AM
Have you tried CrowdSec? It can do what Fail2ban can and more.
There's a CrowdSec plugin, though I haven't tried it yet in OPNsense. It works great on my Linux server though.

Thanks. CrowdSec doesn't work. It's a good program, but under OPNsense it's a photo, just to look at.

Quote from: Supermule on November 14, 2022, 06:56:33 AM
Suricata can do what you need. It just doesn't have the attempts counter but bans them instantly.

Suricata is also being used and has many advantages, but for operations that do not exist in the rules, I don't know what corresponding operations it will make. Of course, the matching of rules is more extensive. But it does not prevent the defense against simple brute force attempts like fail2ban, and can manage the blocking time of such IPs. If you need to add a period, I hope it is 3650 days.   ;D ;D ;D

Quote from: wuwzy on November 15, 2022, 04:11:37 AM
Quote from: zan on November 14, 2022, 06:18:26 AM
Have you tried CrowdSec? It can do what Fail2ban can and more.
There's a CrowdSec plugin, though I haven't tried it yet in OPNsense. It works great on my Linux server though.

Thanks. CrowdSec doesn't work. It's a good program, but under OPNsense it's a photo, just to look at.

It's working for me, stopping brute force and slowbf. I've no idea what you mean by "just a photo".
I run an SSH server behind OPN and that has Fail2ban on it as another line of defense. But CrowdSec is stopping some of the attempts before they get to the server, and is also stopping the attempts on the firewall itself.
Pretty nifty actually.