There is a certain virtue in using a firewall appliance for front-line protection. I think fail2ban could add IPs to its block list. An advantage of this is that you don't have to remember what all the internal servers are to firewall them individually.

Certainly one could update firewall-cmd via ssh. I do this as part of my Ansible provisioning. You could, in fact, set up a blocklist file with banned IPs that Ansible could run against at intervals and do bulk host updates that way.

Tim

On Fri, 2024-10-25 at 06:32 +0200, Frédéric Nass wrote:
> Hi Marc,
>
> Make sure you have a look at CrowdSec [1] for distributed protection.
> It's well worth the time.
>
> Regards,
> Frédéric.
>
> [1] https://github.com/crowdsecurity/crowdsec
>
> ________________________________
> From: Marc <Marc@xxxxxxxxxxxxxxxxx>
> Sent: Thursday, 24 October 2024 22:52
> To: Ken Dreyer
> Cc: ceph-users
> Subject: Re: centos9 or el9/rocky9
>
> > > Sorry for posting off topic, a bit too lazy to create yet another
> > > account somewhere. I still need to make this upgrade to different
> > > os. I have now some vms on centos9 stream. What annoys me a lot is
> > > that tcp wrapper support is not default added to ssh. (I am using
> > > auto fed dns blacklists to refuse access)
> > >
> > > Can anyone tell me if this is the same in el9/rocky9?
> >
> > I use fail2ban for this purpose on CentOS Stream 9. It works with
> > firewalld.
>
> Yes on one host not? It is not like if host a is being harassed and
> blacklists, all hosts are having this update. I am using remote
> syslog with fail2ban -> dns update -> dns checks on all hosts.
> Or does firewalld allow for some remote updates?
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
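
One way the blocklist-file approach mentioned in the thread could be run on each host (over ssh or from an Ansible task), as an added example that is not from any of the posters: it sanitises a shared blocklist file and reconciles a firewalld ipset against it. The ipset name `blocklist`, the use of the `drop` zone and the file format (one IPv4 address or CIDR per line, `#` comments) are assumptions.

```shell
#!/bin/sh
# Added example: keep a firewalld ipset in step with a flat blocklist file.
# One-time setup on each host (names are assumptions):
#   firewall-cmd --permanent --new-ipset=blocklist --type=hash:net
#   firewall-cmd --permanent --zone=drop --add-source=ipset:blocklist
export LC_ALL=C                     # sort and comm must agree on ordering
IPSET="${IPSET:-blocklist}"

# Print the valid, de-duplicated, sorted IPv4 addresses/CIDRs in file $1.
# Comments and whitespace are stripped; anything that is not a well-formed
# address is dropped, so a bad line never reaches firewall-cmd.
clean_blocklist() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | awk '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            split($0, p, "/"); split(p[1], o, ".")
            ok = 1
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            if (p[2] + 0 > 32) ok = 0
            if (ok && !seen[$0]++) print
        }' | sort
}

# Print the lines of sorted file $1 that are absent from sorted file $2.
only_in() { comm -23 "$1" "$2"; }

# Add entries that are new in the file, remove entries that left it,
# then reload once so the permanent configuration becomes active.
sync_ipset() {
    want=$(mktemp); have=$(mktemp)
    clean_blocklist "$1" > "$want"
    firewall-cmd --permanent --ipset="$IPSET" --get-entries | sort > "$have"
    only_in "$want" "$have" | while read -r ip; do
        firewall-cmd --permanent --ipset="$IPSET" --add-entry="$ip"
    done
    only_in "$have" "$want" | while read -r ip; do
        firewall-cmd --permanent --ipset="$IPSET" --remove-entry="$ip"
    done
    rm -f "$want" "$have"
    firewall-cmd --reload
}
```

Calling `sync_ipset /path/to/blocklist.txt` as root applies the file; removing an address from the file unbans it on the next run.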