Netgate Discussion Forum
    How to implement simple generic auto ban function?

    IDS/IPS
    louis2 (last edited by louis2)

      Hello,

      Like everyone's IP, mine is hammered with intrusion attempts.

      My SFTP server has a solution for this in the form of "an auto-ban function", which blocks a source IP if it tried to access more than x times in the past y seconds. That ban holds for z minutes.

      That is IMHO a very worthy function; however, there are two problems with it:

      • it is related to my FTP server and not to one of my IPs
      • when using a proxy (e.g. HAProxy), regretfully the FTP server in this example gets the proxy address and not the original address (so the auto-ban function is gone)

      So what I would like to have is a simple function or package "in front of the real firewall", listening on the WAN interface, which performs the auto-ban function independent of the destination port / the targeted application.

      Perhaps, I do not know, Snort, Suricata or pfBlocker can do something like that; however, my impression is that those packages:

      • sit behind the firewall and not between the internet and WAN
      • are all far more complex than what I have in mind
      • are far more resource hungry than I would like

      Anyone have a suggestion?

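The ban rule described in the post (more than x attempts in y seconds, then a ban for z minutes) as a sliding-window tracker in Python. This is an added example, not code from the post or from any pfSense package; it assumes the tracker runs where it sees the real source address (the WAN edge, not behind a proxy), and the attempt log below is constructed with documentation-range addresses.

```python
from collections import defaultdict, deque

# Constructed sample of connection attempts as seen at the WAN edge:
# (timestamp in seconds, source IP). Thresholds used below: >3 attempts
# within 10 s triggers a 60 s ban.
SAMPLE_EVENTS = [
    (0, "203.0.113.5"), (1, "203.0.113.5"), (2, "203.0.113.5"),
    (3, "198.51.100.9"), (4, "203.0.113.5"),   # 4th attempt in 4 s -> banned
    (5, "203.0.113.5"),                         # attempt while banned -> dropped
    (30, "198.51.100.9"), (31, "198.51.100.9"), # spread out, never exceeds threshold
    (65, "203.0.113.5"),                        # ban (until t=64) expired -> allowed again
]


class AutoBan:
    """Ban a source IP after more than max_attempts in window_s seconds, for ban_s seconds."""

    def __init__(self, max_attempts, window_s, ban_s):
        self.max_attempts = max_attempts
        self.window_s = window_s
        self.ban_s = ban_s
        self.attempts = defaultdict(deque)  # ip -> timestamps inside the sliding window
        self.banned_until = {}              # ip -> timestamp at which the ban lifts

    def is_banned(self, ip, now):
        until = self.banned_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self.banned_until[ip]       # ban expired, forget it
            return False
        return True

    def record(self, ip, now):
        """Register one attempt; return 'drop' if the IP is banned, else 'allow'."""
        if self.is_banned(ip, now):
            return "drop"
        q = self.attempts[ip]
        q.append(now)
        while q and now - q[0] > self.window_s:  # prune attempts older than the window
            q.popleft()
        if len(q) > self.max_attempts:
            self.banned_until[ip] = now + self.ban_s
            q.clear()                            # start fresh once the ban lifts
            return "drop"
        return "allow"


def run(events, max_attempts=3, window_s=10, ban_s=60):
    """Replay the event list and return (timestamp, ip, decision) per attempt."""
    ab = AutoBan(max_attempts, window_s, ban_s)
    return [(ts, ip, ab.record(ip, ts)) for ts, ip in events]
```

Because the decision depends only on the source address, the same logic applies to any destination port, which is the port-independent behaviour the post asks for.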
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.