Alan Orth
c2a92269e4
This uses the ipsets feature of the Linux kernel to create lists of IPs (though could be MACs, IP:port, etc) that we can block via the existing firewalld zone we are already using. In my testing it works on CentOS 7, Ubuntu 16.04, and Ubuntu 18.04. The list of abusive IPs currently comes from HPC's systemd journal, where I filtered for hosts that had attempted and failed to log in over 100 times. The list is formatted with tidy, for example: $ tidy -xml -iq -m -w 0 roles/common/files/abusers-ipv4.xml See: https://firewalld.org/2015/12/ipset-support |
||
---|---|---|
.. | ||
etc | ||
ssh-pub-keys | ||
00-persistent-journal.conf | ||
abusers-ipv4.xml | ||
abusers-ipv6.xml | ||
tarsnaprc |