On 1/17/26 10:24 AM, Randall Rose wrote:
Thanks everyone for these thoughtful and helpful replies.
Nice summary. A restatement of facts that are familiar to some but not to all is be valuable perspective.
One quibble:
6. Fail2ban is a way to help protect against repeated attacks that get past your firewall (such as brute-force attacks), though it only works if you get multiple repeated attacks coming from the same IP address.
Even without fail2ban OpenSSH is quite rate limited, fail2ban is extra complexity (complexity is always bad) for maybe insufficient benefit (benefit is always).
Reasons why I still think a firewall is worthwhile:
Good points, but there is still the question of when the extra complexity of a firewall offers enough benefit. As you have seen, here are people on both sides on this list.
Glad you got things working! -kb _______________________________________________ Discuss mailing list [email protected] https://lists.blu.org/mailman/listinfo/discuss
