On Thu, 25 Mar 2021 at 19:45, Kapetanakis Giannis
<bilias@edu.physics.uoc.gr> wrote:
>
> How about a distributed setup?
>
> Has anyone thought of a way of getting IPs from various servers (say linux
> & fail2ban) to the central OpenBSD (pf) firewall?
I send all my logs to a centralised syslog which runs fail2ban, and
instead of using pf here, fail2ban injects BGP routes of "attackers"
into my network.
Then either an OpenBSD border firewall adds those prefixes to a pf
table to drop the traffic from, or on a Linux out-of-AS host this
installs a null route. With uRPF enabled traffic gets dropped at
ingress.
This setup could scale a lot, BGP was made for distributing prefixes.
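The OpenBSD border-firewall side of the setup described above, as an added example that is not from the original thread or its author: bgpd receives the blackhole prefixes from the fail2ban host, writes them into a pf table with `set pftable`, and pf drops matching ingress traffic alongside a uRPF check. The ASNs, addresses, the community value 65001:666 and the table name `attackers` are assumptions for illustration; the fail2ban-side BGP injector is not shown.

```conf
# /etc/bgpd.conf (border firewall) -- added example, values are assumptions
AS 64512
router-id 192.0.2.1

# the syslog/fail2ban host that originates the blackhole prefixes
neighbor 192.0.2.2 {
	remote-as 65001
	descr "fail2ban-injector"
}

# bgpd filter rules: the last matching rule wins, so deny everything first
deny from any
deny to any            # never re-announce the blackholes to anyone else

# accept only host routes tagged with the blackhole community and push them
# into the pf table <attackers>; anything wider than a /32 or /128 stays denied
allow from 192.0.2.2 inet  prefixlen = 32  community 65001:666 set pftable "attackers"
allow from 192.0.2.2 inet6 prefixlen = 128 community 65001:666 set pftable "attackers"

# /etc/pf.conf (same host) -- the table bgpd fills in; persist keeps it alive
# even when bgpd has not populated it yet
table <attackers> persist

# uRPF: drop ingress packets whose source is not reachable via the ingress interface
block in quick from urpf-failed label "urpf"

# drop traffic from banned hosts at ingress, and refuse outbound replies to them
block in  quick from <attackers> label "fail2ban"
block return out quick to <attackers>

pass out
pass in on egress proto tcp to port { 22 443 }
```

To confirm the pipeline end to end, watch the table with `pfctl -t attackers -T show` while bgpd learns a route (`bgpctl show rib neighbor 192.0.2.2`); a prefix that appears in the RIB but not in the table usually means it failed the community or prefixlen filter. The explicit `deny to any` matters: without it, a misconfigured export could leak the blackhole /32s to an upstream peer.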