Guardian Question

Hey guys, so I like the location block and IDS features but it's not enough for my particular needs.

Sometimes it's necessary for me to put certain IPs in timeout for a bit because they are probing around specific services.

I see in pakfire there isn't a fail2ban package but is there a way to have guardian guard certain ports exposed on RED? Or when I block an IP via Guardian does it also apply on RED?

Is there a CLI way to add and remove blocked IPs for this? Is this only using like iptables to block users?

Hello joe,

Welcome to the IPFire community portal.

There is an article about guardian on our wiki, which should answer most of your questions.

Please feel free to ask, if there are still some questions left.

Best regards,

-Stefan

So it only protects the firewall. Okay. Good to know, thanks.

So what do you think would be the best way to say like block IPs that are very abusive to public ports?

What I have done is under firewall rules, I make a ruleset for each IP that I need to just permanently drop all packets. I have a suspicion that this way is not the most ideal but I wanted to verify with you guys.

I have a few ports of machines exposed on RED and need to put about 20 IPs in this block list. They keep on abusing say like ssh despite the fact that the machine with 22 exposed has fail2ban and I just wanted an effective way to just by default drop packets from these IPs to not waste my bandwidth on them.

*edit: I wanted to include how the rule looks.