Ideas to improve firewall security

[drybjed]

• [ ] Make ssh detection window longer, currently it's only 5 minutes, 0.5h should be enought to catch more offenders. And give them less tries before blocking them;
• [ ] Create a script that will check lists of recent offenders, look through the logs to gather some information about them and mail to root account what it finds.
• [ ] Create a honeypot using tinyhoneypot and redirect traffic there instead of blocking it in certain cases to learn what we can about possible attacks?
• [ ] add a way to set number of entires in recent lists through a module option

[AnBuKu]

In terms of tinyhoneypot mentioned above, there is a tutorial Increase your IPv4 security with Fail2Ban and Tinyhoneypot on Debian Jessie - source: howtoforge.com - date: ? - what rises for me the question, if tinyhoneypot should become a separate issue in https://github.com/debops/ansible-fail2ban?

[AnBuKu]

Add BPF - Berkeley Packet Filter - Module to iptables based Linux firewall in order to be in the position to better defend against DNS-DDoS attacks, more and more to come as IoT security threads in todays web environment.

More Links about BPF:

• Introducing the BPF Tools - Blog article
• BPF - the forgotten bytecode - Blog article
• IETF Technical Plenary - How to stay online [PDF] by IETF - download 2.7MB
• GitHub: Cloudflare/bpftools

Motivation for this input by article IETF 97: Technische DDOS-Gegenmittel statt politischer Eingriffe - German language only