15 Jul 2021, 8:24 p.m.
I have found that dynamic IP blocking programs such as sshguard or fail2ban are a CPU burden, since that table needs to be refreshed as new IPs are added or removed, so I have stopped using them.
Have you seen ipset? https://ipset.netfilter.org/
It is built for dynamically adding/removing IPs from a firewall without changing a table or rules or reloading the firewall. It holds a hashmap in memory of what IPs to block and integrates into the kernel. However, you have to build your own mouse trap to use it. I don't know of anything out of the box that would automatically add IPs to it; I wrote my own script that gets fed log lines from rsyslog to do it.
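An added example of the kind of "mouse trap" described above, not the poster's own script: a POSIX sh watcher that takes sshd log lines on stdin (for instance from rsyslog's omprog module), counts password failures per source address and adds repeat offenders to an ipset, so the firewall rule referencing the set never has to be reloaded. The set name "blocklist", the threshold, the timeout and the rsyslog wiring are assumptions; the log lines are constructed.

```shell
#!/bin/sh
# Added example, not the poster's script: count sshd password failures per source
# IP from log lines on stdin and add repeat offenders to an ipset. Assumed one-time
# setup (set name, timeout, rule and the rsyslog omprog feed are my choices):
#   ipset create blocklist hash:ip timeout 3600
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
#   rsyslog: module(load="omprog") and, for $programname == "sshd",
#            action(type="omprog" binary="/usr/local/bin/sshwatch.sh")

SET_NAME="${SET_NAME:-blocklist}"   # ipset to add to
THRESHOLD="${THRESHOLD:-3}"         # failures before an IP is added
DRY_RUN="${DRY_RUN:-1}"             # 1 = print the ipset command instead of running it

# Print the source IPv4 of an sshd "Failed password" line, nothing for other lines.
extract_ip() {
    printf '%s\n' "$1" |
        sed -n 's/.*sshd\[[0-9]*\]: Failed password for .* from \([0-9.]*\) port .*/\1/p'
}

# Add one address to the set; -exist makes repeats harmless (and refreshes the timeout).
block_ip() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "would run: ipset add -exist $SET_NAME $1" >&2
    else
        ipset add -exist "$SET_NAME" "$1"
    fi
}

# Read log lines from stdin; print each IP once when it reaches THRESHOLD failures.
watch_log() {
    seen=""
    while IFS= read -r line; do
        ip=$(extract_ip "$line")
        [ -n "$ip" ] || continue
        n=$(printf '%s\n' "$seen" | grep -cFx "$ip" || true)
        seen=$(printf '%s\n%s' "$seen" "$ip")
        if [ $((n + 1)) -eq "$THRESHOLD" ]; then
            block_ip "$ip"
            echo "$ip"
        fi
    done
}

# Constructed sample input (not real logs): three failures from one host, one from another.
SAMPLE_LOG='Jul 15 20:24:01 host sshd[1234]: Failed password for root from 203.0.113.7 port 52211 ssh2
Jul 15 20:24:03 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 52212 ssh2
Jul 15 20:24:04 host sshd[1240]: Accepted publickey for bob from 198.51.100.9 port 40110 ssh2
Jul 15 20:24:05 host sshd[1250]: Failed password for root from 198.51.100.9 port 40111 ssh2
Jul 15 20:24:07 host sshd[1234]: Failed password for root from 203.0.113.7 port 52215 ssh2'
```

Run it with `printf '%s\n' "$SAMPLE_LOG" | sh sshwatch.sh` style piping (or `tail -F` on the auth log) to see which addresses would be added; set `DRY_RUN=0` only once the ipset and the matching rule exist.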