Re: iptables question




[previous article hasn't appeared on gmane yet]

On 2014-06-16, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote:
> On 06/17/2014 01:46 AM, Bret Taylor wrote:
>> Get rid of fail2ban, it's not needed. Just write a proper firewall.
> Are you serious??
> There are applications for which fail2ban offers things that others
> just can't..

Indeed, fail2ban and its ilk (e.g. my new favorite, sshguard) modify
iptables rules in response to excessive failed login attempts.  A
"proper firewall" with just static iptables rules can't do that.
And with so many pwn3d hosts out there being used to bounce attacks off
of, it is foolish to rely on static rules alone to fend off these
attacks.

Much better of course are static firewall rules that block off all but
a few whitelisted hosts.  But that is much less flexible for users.

--keith



-- 
kkeller@xxxxxxxxxxxxxxxxxxxxxxxxxx
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
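
The two approaches contrasted in the message above, as an added example that is not part of the original post and is not fail2ban's or sshguard's own code: a sliding-window count of failed sshd logins that yields per-host DROP rules, next to the static whitelist rule set. The thresholds, function names, host name and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure line in syslog format (no year), as found in /var/log/secure on CentOS.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+")

def offenders(lines, max_failures=3, window=timedelta(minutes=10), year=2014):
    """Source IPs with at least max_failures failed logins inside one window."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    flagged = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip, q = m.group(2), recent[m.group(2)]
        q.append(when)
        while when - q[0] > window:  # forget failures that have aged out
            q.popleft()
        if len(q) >= max_failures and ip not in flagged:
            flagged.append(ip)
    return flagged

def dynamic_rules(ips, whitelist=()):
    """Reactive blocks, inserted ahead of existing rules; whitelisted hosts are skipped."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
            for ip in ips if ip not in whitelist]

def static_rules(whitelist):
    """Static alternative: accept SSH from listed hosts only, drop everyone else."""
    return ([f"iptables -A INPUT -s {ip} -p tcp --dport 22 -j ACCEPT" for ip in whitelist]
            + ["iptables -A INPUT -p tcp --dport 22 -j DROP"])

# Constructed sample log (documentation address ranges, hypothetical host name).
SAMPLE = [
    "Jun 16 22:00:01 srv sshd[901]: Failed password for root from 192.0.2.10 port 5001 ssh2",
    "Jun 16 22:01:03 srv sshd[902]: Failed password for invalid user admin from 203.0.113.7 port 4242 ssh2",
    "Jun 16 22:01:09 srv sshd[903]: Failed password for invalid user test from 203.0.113.7 port 4243 ssh2",
    "Jun 16 22:01:15 srv sshd[904]: Failed password for root from 203.0.113.7 port 4244 ssh2",
    "Jun 16 22:02:00 srv sshd[905]: Failed password for alice from 198.51.100.20 port 6001 ssh2",
    "Jun 16 22:02:30 srv sshd[905]: Accepted password for alice from 198.51.100.20 port 6001 ssh2",
    "Jun 16 22:15:00 srv sshd[906]: Failed password for root from 192.0.2.10 port 5002 ssh2",
    "Jun 16 22:30:00 srv sshd[907]: Failed password for root from 192.0.2.10 port 5003 ssh2",
]

if __name__ == "__main__":
    print("\n".join(dynamic_rules(offenders(SAMPLE)) + static_rules(["198.51.100.20"])))
```

The functions only build rule strings; nothing is applied to the running firewall. The host that fails slowly (192.0.2.10) stays under the 10-minute threshold, which shows how the window length decides what a reactive tool catches.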



