2 Mar
2015
2 Mar
'15
12:10 p.m.
On March 2, 2015 10:15:22 AM Tobi <tobster@brain-force.ch> wrote:
I have accumulated 45,000+ IPs which routinely try dictionary and 12345678 password attempts. The file is too big to create firewall drops, Have you also checked ipset (http://ipset.netfilter.org/) Its extremely powerful even with huge block lists
this is only usefull if real user have more then +45000 ips, and it why its not denynets in dovecot
using xtables geoip here, and could let fail2ban create xtable csv datafile that can be included in xtable build, then just use geoip firewall rule to allow in all other ips if thats the goal of allow many ips default
but i just default allow pr user country, all other is denyed connection