What was happened with this attacker?!

Today I have received a nice visit from a nice people from the world trying to get married with my server behind the ipfire :slight_smile:

My question is: ok… have established an handshake on port 443…that is open, after have tried to establish connection using the previous established connection from 443 to the port 80 that is closed. After I see two ping requests… and a latest trying on the por 22…

Could be a nice technics to set a trigger on this kind of attacks where the firewall ban completely the source IP?

Thank you.

Fail2Ban. Mabye one day it will be considered interesting as package. Otherwise… IPS.

What IPS I can use with Ipfire?

IPFire Wiki - Intrusion Prevention System (IPS)

It is already enabled…
There is a particular setting that I need to do?!?