by dugite-code 234 days ago
IMHO Fail2ban, just like port knocking, isn't cargo cult security. They are a single tool that can be included in a general system security arsenal, not the only tool you should use but one of a suite of tools that can be used depending on what you want to achieve.

Personally I use fwknop for port knocking as it doesn't suffer from replay attacks as it's an encrypted packet. But it still serves the same niche.


The point being made is that unless "what you want to achieve" is "run a tool that isn't improving your security posture", port knocking isn't providing value to the security model.

Hence the cargo cult.

I can't agree that it's "a tool that isn't improving your security posture". If it's a layer on top of other tools, you might argue its effectiveness isn't great, but to say it's effectively nothing is a reach.

It’s not nothing: it’s one more thing that can break or eat resources or have a vuln. And it’s not improving the threat model. It’s net negative.

How is it not improving the threat model to not have a service directly connected to the internet, but instead put behind a layer of protection?