My intention is that as the IPS detects this malicious traffic attempt to block that IP to avoid future attacks in case the IPS does not detect it and to take work away from the IPS. This is the reason also why I inform to the admin via mail
It has blocking capacity.
To the layman
F2B and Guardian
Have similar capacities.
The problem or key differance I see would be ease of adding this feature and or configuring this added feature.
I’m sure it doesn’t come out of the gate setup for all situations.
I have not setup either.
The documentation for Guardian 2.0 I could not find.
So that would not make it easy to configure for your added use case.
F2B may have more Documentation and Tutorials.
Trust me I’m suprized F2B is not in the Addon list.
It is located at
https://www.ipfire.org/docs/addons/guardian
It is an IPFire created package that uses the principle of F2B specifically for brute foce attack detection of the WUI Login and for SSH being used with passwords.
Someone would have to go and build it and create the submission patch and submit it to the dev mailing list and commit to keeping it updated.
There are already a lot of addons that I update but have no knowledge on how to use them and therefore no ability to test that the update has not created a problem with their operation. Hopefully actual users will test any updated addon out as part of the Testing phase or at least when it is released. However there have been addons that were updated, the update caused the addon to stop working and it was not identified by a user for several years.
If an individual user wants to use something like F2B then they can always build it as a local addon for their system.
https://www.ipfire.org/docs/devel/ipfire-2-x/addon-howto
2 Likes