by kelnos
2117 days ago
fail2ban works by tailing authentication logs and matching regexes to find failed attempts and the IP address of the source. So if nothing is listening on the port, there won't be anything to spit out logs that fail2ban can read. You could potentially create a fake daemon that listens on port 22 and just logs every access attempt, and set up fail2ban to block any IP that even opens a connection to the port, regardless of what they try to send over it. Actually, I think iptables has a LOG target that can log connection attempts even without something listening, so that could work too and be much simpler.
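The iptables LOG approach from the comment above, written out as an added example (not part of the original comment): a LOG rule records every new connection to port 22 in the kernel log, and a fail2ban filter and jail ban the source after a single hit. The jail name "ssh-conn", the log prefix "SSH-CONN: ", the kern.log path and the timings are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example: log bare connection attempts to port 22 with the iptables LOG
# target and have fail2ban ban on them. Jail name, log prefix, log path and
# timings are assumptions, not values from the original comment.

# 1. Kernel side: log every NEW TCP connection to port 22, listening daemon or
#    not. The limit match keeps a connection flood from filling the log.
add_log_rule() {
    iptables -I INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m limit --limit 30/min --limit-burst 60 \
        -j LOG --log-prefix "SSH-CONN: " --log-level 4
}

# 2. fail2ban filter: <HOST> captures the SRC= field of the kernel log line.
write_filter() {
    cat > /etc/fail2ban/filter.d/ssh-conn.conf <<'EOF'
[Definition]
failregex = SSH-CONN: .*SRC=<HOST> .*DPT=22\s
EOF
}

# 3. fail2ban jail: one logged connection is enough (maxretry = 1).
#    logpath assumes a Debian-style kern.log; adjust for your syslog layout.
write_jail() {
    cat > /etc/fail2ban/jail.d/ssh-conn.conf <<'EOF'
[ssh-conn]
enabled  = true
filter   = ssh-conn
logpath  = /var/log/kern.log
maxretry = 1
findtime = 600
bantime  = 3600
EOF
}

# Helper mirroring the filter's <HOST> capture (IPv4 only), so the regex can be
# checked against a log line without fail2ban installed. Prints the source IP
# for a port-22 line and nothing for any other line.
extract_src() {
    printf '%s\n' "$1" |
        sed -n 's/.*SSH-CONN: .*SRC=\([0-9.]*\) .*DPT=22[[:space:]].*/\1/p'
}

# Run as "sh script.sh install" (as root) to apply all three pieces.
if [ "${1:-}" = "install" ]; then
    add_log_rule && write_filter && write_jail
fi
```

Before reloading fail2ban, `fail2ban-regex /var/log/kern.log /etc/fail2ban/filter.d/ssh-conn.conf` shows how many real log lines the filter matches.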