On Tue, Jun 16, 2020 at 5:16 AM Nick Howitt <[email protected]> wrote:
> As I don't open SSH any more, I don't see the issue, but there was one > notorious Chinese subnet which did this. The best thing to do is just to > permanently block the whole subnet in your firewall. > I do subnet blocks for one rule in a postfix filter as no one should be > sending mail from a dynamic IP. I use this to block > .dynamic.163data.com.cn and .mari-el.ru IP blocks but this technique is > not really applicable to SSH. > I block a lot of whole countries who have no business trying to connect to my network using the ipdeny subnets. I used the following article to do it: https://www.linode.com/community/questions/11143/top-tip-firewalld-and-ipset-country-blacklist I have since created a bash script to make it even easier to update and systemd service file/timer to update the lists from ipdeny on a monthly basis. Thanks, Richard
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
