[CentOS] bruteforce protection howto

Sat Mar 20 22:35:07 UTC 2010
Larry Brower <larry-lists at maxqe.com>

Larry Vaden wrote:
> On Sat, Mar 20, 2010 at 5:17 PM, Vadkan Jozsef <jozsi.avadkan at gmail.com> wrote:
>> What's the best method to ban that ip [what is bruteforcing a server]
>> what was logged on the logger?
>> I need to ban the ip on the router pc.
> 
> <http://www.fail2ban.org/wiki/index.php/Main_Page> but you may have to
> run fail2ban on the server instead of on the logger.
> 
> kind regards/ldv

+1

You might also look at APF + BFD as it works as well. Both solutions 
are intended for the server and not for a remote host, however you 
could probably work around this with a small shell script.

This does beg the question, why are you wanting to ban the IPs on the 
router box as opposed to the machine being targeted? The whole point 
of a router is to route traffic, not enforce firewall policy. This 
would be better handled by a firewall of all things, be it a hardware 
appliance (ASA, PIX, Juniper HSC) or iptables on the machine itself. 
You might keep in mind that the more firewall rules you add to the 
router the slower the network will become as all packets have to be 
checked against all rules. Just my opinion ;)
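
The "small shell script" workaround mentioned above could look like the sketch below. It is an added example, not part of the original message and not code from fail2ban or APF/BFD. The log lines, host names, threshold and function names are constructed assumptions, and the iptables commands are only printed, not executed.

```shell
#!/bin/sh
# Added example: count failed sshd logins per source address in syslog
# lines collected on a log host, then print ban rules for repeat offenders.
THRESHOLD=3   # assumed: failures per address before a ban is proposed

# Constructed sample input (documentation addresses, hypothetical hosts).
sample_log() {
cat <<'EOF'
Mar 20 22:01:13 web1 sshd[2211]: Failed password for root from 203.0.113.45 port 51122 ssh2
Mar 20 22:01:15 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 51123 ssh2
Mar 20 22:01:18 web1 sshd[2215]: Failed password for root from 203.0.113.45 port 51124 ssh2
Mar 20 22:02:01 web1 sshd[2220]: Accepted password for deploy from 192.0.2.10 port 40100 ssh2
Mar 20 22:03:10 web1 sshd[2231]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 198.51.100.7 port 40022 ssh2
Mar 20 22:03:12 web1 sshd[2233]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 198.51.100.7 port 40023 ssh2
Mar 20 22:03:14 web1 sshd[2235]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 198.51.100.7 port 40024 ssh2
EOF
}

# offenders N: read log lines on stdin, print addresses with >= N failures.
offenders() {
    awk -v t="$1" '
    / sshd\[[0-9]+\]: Failed password for / {
        # The user name is chosen by the remote client and may itself
        # contain " from <address>", so take the address from the fixed
        # tail of the line: ... from ADDR port N ssh2
        if ($(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        n[ip]++
    }
    END { for (ip in n) if (n[ip] >= t) print ip }' | sort
}

# ban_rules: turn addresses on stdin into iptables commands (printed only).
# INPUT matches a rule set on the targeted machine itself; a forwarding
# firewall would use the FORWARD chain instead.
ban_rules() {
    while read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

sample_log | offenders "$THRESHOLD" | ban_rules
```

The last three sample lines carry a user name that embeds a second address; a parser that takes the first "from" would ban 192.0.2.99, which never connected.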