undefined | Better HN

0 pointsboring_twenties5y ago0 comments

I don't like it because it opens up the possibility of someone on the same network as me locking me out of my own server.

Sure, it's unlikely, but I don't see what I'd be gaining using fail2ban in the first place. I don't leave password authentication enabled, of course.

Log spam is a bit annoying, but at the end of the day, who cares? Even with the ongoing attempts, my authlog is like 300K uncompressed today and 60-120K per day gzipped. Whatever.

If I cared about that I would prefer to just block Chinese IP ranges outright.

0 comments

pnutjam5y ago

If your passing through a NAT, you can whitelist your own IP.

something like: fail2ban-client set addignoreip x.x.x.x or fail2ban-client set addignoreregex hostname.com

boring_twentiesOP5y ago

Sure. But why? We're talking about 1MB to keep a week's worth of logs. It's just not worth even a minor hassle, or the most remote possibility of failure.

pnutjam5y ago

It's not about logs, it's about defense layers.

j / k navigate · click thread line to collapse

0 pointsboring_twenties5y ago0 comments

I don't like it because it opens up the possibility of someone on the same network as me locking me out of my own server.

Sure, it's unlikely, but I don't see what I'd be gaining using fail2ban in the first place. I don't leave password authentication enabled, of course.

Log spam is a bit annoying, but at the end of the day, who cares? Even with the ongoing attempts, my authlog is like 300K uncompressed today and 60-120K per day gzipped. Whatever.

If I cared about that I would prefer to just block Chinese IP ranges outright.

0 comments

pnutjam5y ago

If your passing through a NAT, you can whitelist your own IP.

something like: fail2ban-client set addignoreip x.x.x.x or fail2ban-client set addignoreregex hostname.com

boring_twentiesOP5y ago

Sure. But why? We're talking about 1MB to keep a week's worth of logs. It's just not worth even a minor hassle, or the most remote possibility of failure.

pnutjam5y ago

It's not about logs, it's about defense layers.

j / k navigate · click thread line to collapse