

The popular fail2ban tool monitors log messages for suspicious activity, then issues firewall commands to temporarily ban the offending hosts. After a configurable period of time, it automatically un-bans them. RouterOS has logs and a suitable command interface to its firewall, but it's impractical to run fail2ban directly on the router. This guide shows what I believe to be a superior method: set up a machine on the network capable of running fail2ban in a way that lets it monitor the logs on the router's behalf and manage its firewall from afar.

In this article, we're going to set fail2ban up to react to failed SSH connections to the router.
