How to implement simple generic auto ban function?
Hello,
Like everyone's IP, mine is hammered with intrusion attempts.
My SFTP server has a solution for this in the form of an "auto-ban function", which blocks a source IP if it tried to access for more than x times in the past y seconds. That ban holds for z minutes.
That is IMHO a very worthy function; however, there are two problems with it:
- it is related to my FTP server and not to one of my IPs
- when using a proxy (e.g. HAProxy), regrettably the FTP server in this example gets the proxy address and not the original address (so the auto-ban function is gone)
So what I would like to have is a simple function or package "in front of the real firewall", listening on the WAN interface, which performs the auto-ban function independent of the destination port / the targeted application.
Perhaps, I do not know, Snort, Suricata or pfBlocker can do something like that; however, my impression is that those packages:
- are behind the firewall and not between the internet and the WAN
- are all far more complex than what I have in mind
- are far more resource hungry than what I would like
Anyone have a suggestion?
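As an added example (not from the original post and not code from any Netgate package), here is the x/y/z logic described above implemented as a sliding-window counter keyed on source IP only, run over a handful of constructed WAN connection-attempt lines. The sample events, the `AutoBan` class and the `run()` helper are assumptions for illustration; the log format (timestamp, source IP, destination port) is made up.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample of WAN-side connection attempts: "<UTC timestamp> <src ip> <dst port>".
# These lines are made up for the example and come from no real system.
SAMPLE_EVENTS = [
    "2025-03-01T10:00:00Z 203.0.113.7 22",
    "2025-03-01T10:00:05Z 203.0.113.7 22",
    "2025-03-01T10:00:09Z 203.0.113.7 2222",
    "2025-03-01T10:00:12Z 203.0.113.7 21",    # 4th attempt within 12 s: exceeds x=3 in y=60 s
    "2025-03-01T10:00:20Z 198.51.100.4 22",   # different source, unaffected
    "2025-03-01T10:03:00Z 203.0.113.7 443",   # still inside the z=5 min ban, any port
    "2025-03-01T10:06:00Z 203.0.113.7 443",   # ban expired, counting starts over
]


def parse_event(line):
    """Split one constructed log line into (datetime, src_ip, dst_port)."""
    ts, ip, port = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, ip, int(port)


class AutoBan:
    """Ban a source IP after more than max_attempts attempts in window_seconds,
    for ban_minutes. The key is the source IP alone, so the destination port and
    the targeted application play no role, as the post asks for."""

    def __init__(self, max_attempts, window_seconds, ban_minutes):
        self.max_attempts = max_attempts
        self.window = timedelta(seconds=window_seconds)
        self.ban_duration = timedelta(minutes=ban_minutes)
        self.attempts = defaultdict(deque)  # src_ip -> timestamps inside the window
        self.banned_until = {}              # src_ip -> ban expiry

    def observe(self, when, ip):
        """Record one attempt; return 'banned', 'newly_banned' or 'allowed'."""
        expiry = self.banned_until.get(ip)
        if expiry is not None:
            if when < expiry:
                return "banned"
            # Ban has run out: forget it and start a fresh window for this IP.
            del self.banned_until[ip]
            self.attempts[ip].clear()
        window = self.attempts[ip]
        window.append(when)
        # Drop attempts older than y seconds so only the sliding window counts.
        while window and when - window[0] > self.window:
            window.popleft()
        if len(window) > self.max_attempts:
            self.banned_until[ip] = when + self.ban_duration
            window.clear()
            return "newly_banned"
        return "allowed"

    def active_bans(self, now):
        """Set of source IPs whose ban has not yet expired at 'now'."""
        return {ip for ip, expiry in self.banned_until.items() if now < expiry}


def run(lines, max_attempts, window_seconds, ban_minutes):
    """Feed constructed log lines through AutoBan; return [(src_ip, dst_port, verdict), ...]."""
    guard = AutoBan(max_attempts, window_seconds, ban_minutes)
    results = []
    for line in lines:
        when, ip, port = parse_event(line)
        results.append((ip, port, guard.observe(when, ip)))
    return guard, results


if __name__ == "__main__":
    guard, results = run(SAMPLE_EVENTS, max_attempts=3, window_seconds=60, ban_minutes=5)
    for ip, port, verdict in results:
        print(f"{ip:14} port {port:<5} {verdict}")
```

Because the counter is keyed on the source address alone, a source that hits port 22, then 2222, then 21 is banned just the same as one that hammers a single port, and the ban then covers every port. The same property explains the proxy problem in the post: if the attempts arrive via HAProxy, every event carries the proxy's address, so the counter bans the proxy (and with it all of its clients) rather than the real attacker. On pf itself the equivalent building block is the state option `max-src-conn-rate <n>/<seconds>` combined with `overload <table> flush global` on a pass rule, plus a `block` rule on that table; that runs at the firewall, not behind it.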
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.