Am Samstag, 9. März 2019, 11:22:45 CET schrieb mj: Hi MJ, that is a good point, that only services are blocked, which are using hosts.deny. For the other ports I am using tools like porstentry and hostentry, which are running well and do a good job. My personal style is strange: I am looking, on which kind or way an attacker could intrude my system and then defend with the rquired tool. I am never relying on one tool, it is always a combination of several tools - like I say, a "concept". Of course I pay attention, that my tools do not interfere each other. And you may wonder - it happens, that there is a new attacking threat, then I defend against it and after one or two years I forgot about it. "Fire and forget". But from time to time I recheck my strategies (like this time) and look, what can be improved/exchanged/whatever, like today. I will give fail2ban a try, as it looks like the most suggested tool at the moment. But as I said before - let's see of more suggestions. Best Hans > Hi, > > We are using fail2ban to do this. It offers many more options, and works > by creating iptables rules. This gives you much more control over what > ports exactly are blocked. > > Plus I think (correct me if Im wrong) that using /etc/hosts.deny to > block access only works with programs that are compiled to do so, and > iptables will always work. > > MJ
Attachment:
signature.asc
Description: This is a digitally signed message part.