On Mon 18/Nov/2019 03:43:32 +0100 Trent W. Buck wrote:
> That page needs a section "why choose fail2nft over existing products?" :-)
>
> * sshguard is lex/yacc (C) that reads logs journal/syslog/NCSA
>   and runs a helper script to add/remove block rules.
>   Adding new match rules requires a recompile.
>   It blocks everything by default (on Debian, via nftables).
>
>   https://bitbucket.org/sshguard/sshguard/src/master/src/fw/sshg-fw-nft-sets.sh
>
>   It's about 2KLOC (slightly bigger than fail2nft).
>
> * fail2ban is python and uses regular expressions to look for attacks.
>   It's configured via a huge mess of .ini files.
>   It blocks nothing (except SSH?) by default (on Debian, via xtables).
>
>   https://github.com/fail2ban/fail2ban/blob/0.11/config/action.d/nftables.conf
>
>   It's about 17KLOC (much bigger than fail2nft).

* ipqbdb is C with PCRE to read a piped log file, requires custom setup
  of regexes and iptables -j NFQUEUE --queue-num N, the queue filtering
  daemon(s) can mark or drop based on Berkeley DB.

  https://savannah.nongnu.org/projects/ipqbdb/

  Less than 10KLOC, including utilities to manage the database.

Best
Ale