It seems OLS comes with some of its own anti-DOS measures, but there are many services running on any given system and they all need protection. Fail2ban management should be integrated into CP (under the Security tab, perhaps after Firewall) either natively or by calling out to some open source GUI solution. CP's install process should recognize Fail2ban if it is already installed and should "absorb" it.
Need to investigate if fail2ban and firewalld play nice together, and if iptables and firewalld are friends, and if iptables should be replaced with nftables.
Also: look into open source fail2ban visualization projects. Update: seems there are few open source fail2ban tools around, but eh, maybe something to build myself. Seems like most of the work has been done here, here, here, and here, I'd just need to port to the language of my choice. Perhaps TypeScript. A fun side project for later!
Note: if we do take inspiration from the projects linked above, perhaps consider dropping a note upstream.
It seems OLS comes with some of its own anti-DOS measures, but there are many services running on any given system and they all need protection. Fail2ban management should be integrated into CP (under the Security tab, perhaps after Firewall) either natively or by calling out to some open source GUI solution. CP's install process should recognize Fail2ban if it is already installed and should "absorb" it.
Need to investigate if fail2ban and firewalld play nice together, and if iptables and firewalld are friends, and if iptables should be replaced with nftables.
Also: look into open source fail2ban visualization projects.Update: seems there are few open source fail2ban tools around, but eh, maybe something to build myself. Seems like most of the work has been done here, here, here, and here, I'd just need to port to the language of my choice. Perhaps TypeScript. A fun side project for later!Note: if we do take inspiration from the projects linked above, perhaps consider dropping a note upstream.