On 10/6/2021 2:12 PM, Jan Hauge via Fail2ban-users wrote:
1: Dynamic blocking old legacy IP ranges that are being abused by spammers/hackers. Check out: http://www.theunsupported.com/2012/07/block-malicious-ip-addresses/ http://www.cyberciti.biz/tips/block-spamming-scanning-with-iptables.html I made my own modification for the scripts to work with nftables. Look up IP-deny.com. It will enable you to implement a rule to perform geo-blocking.
The first link appears to have been domain-squatted and I can't find an old snapshot at the Wayback Machine.
Try https://www.spamhaus.org/drop/ to learn more about the second service. See the FAQ for the DROP service for how frequently to download the different lists. (Daily should be fine.)
For those running RHEL/CentOS 7, I suggest using ipset instead of iptables. It's not hard to write a script that repackages a text file of CIDR into XML to feed into firewalld for management. ipset should be much more efficient and won't disrupt your firewall when you reload the set.
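The repackaging step suggested in the reply above, as an added example that is not part of the original post or of any project's code: it turns a text file of CIDR ranges into a firewalld `hash:net` ipset definition. The `CIDR ; comment` input layout, the sample ranges, the set name and the `MIN_PREFIX` guard are assumptions made for the illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in "CIDR ; comment" form (documentation ranges, not real list data).
SAMPLE = """\
; constructed sample
192.0.2.0/24 ; EXAMPLE-1
198.51.100.0/25 ; EXAMPLE-2
198.51.100.128/25 ; EXAMPLE-3
203.0.113.7/24
0.0.0.0/0
not-a-network
2001:db8::/32
"""

MIN_PREFIX = 8  # assumption: refuse anything wider than a /8 so a bad list cannot block everything


def parse_cidrs(text):
    """Return (collapsed IPv4 networks, rejected lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop trailing "; comment"
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)  # host bits set -> ValueError
        except ValueError:
            rejected.append(raw.strip())
            continue
        if net.version != 4 or net.prefixlen < MIN_PREFIX:
            rejected.append(raw.strip())  # IPv6 does not belong in an inet set
            continue
        nets.append(net)
    # Merge adjacent and overlapping ranges so the set stays small.
    return list(ipaddress.collapse_addresses(nets)), rejected


def build_ipset_xml(networks, short="drop-list"):
    """Render networks as a firewalld hash:net ipset definition."""
    root = ET.Element("ipset", {"type": "hash:net"})
    ET.SubElement(root, "short").text = short
    ET.SubElement(root, "option", {"name": "family", "value": "inet"})
    for net in networks:
        ET.SubElement(root, "entry").text = str(net)
    ET.indent(root)  # Python 3.9+
    return '<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(root, encoding="unicode") + "\n"


if __name__ == "__main__":
    networks, rejected = parse_cidrs(SAMPLE)
    print(build_ipset_xml(networks), end="")
    print("rejected:", rejected)
```

The output is meant to be saved under `/etc/firewalld/ipsets/` and picked up with `firewall-cmd --reload`; reviewing the rejected lines before each reload catches a truncated or malformed download.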
