Open nomadturk opened 2 days ago
Or CrowdSec put into the API a list of banned IPs
@williamdes
The way I currently do on other servers is by creating a bash script, getting those lists from various places. Merging and deduplicating them. Then adding them to ip route table as a blackhole.
I use various sources like Emerging Threats, Firehol lists, Blocklist.de, Tor Exist relays etc. And it works.
The problems are
I was thinking, maybe if Stalwart can allow importing a list of IPs from external sources, I can keep a github repo and keep it updated and let Stalwart get the list of IPs from there.
But I don't know if that's a capability Stalward should. LOL. We can at least remove the ones Stalwart is already observing with Fail2Ban regexes and block them across the cluster.
But getting them from external places. That would be a nice to have :)
Which feature or improvement would you like to request?
Above, we are seeing an example log from Stalwart where a single IP is trying to find out vulnerabilities on different ports or protocols.
Be it a single node or a cluster install, since Stalwart can already parse these, it would have been nice for it to add the IP to the list of Blocked IPs.
Is your feature request related to a problem?
I'm having a problem with...
Code of Conduct