Progress migrating to list

Joe Nelson joe at
Sun Sep 30 17:37:44 UTC 2018

> > I should also write up the story about how Joe helped me fend off
> > hackers when we configured fail2ban for postfix.
> I certainly want the story on that. Type it up and put in on your weblog.
> Or, send it in an email and it will be archived here -- I guess. Or, we
> can host a weblog of sorts on frostbyte.

I learned that in true OpenBSD style, they have stateful packet
filtering [1] built right into pf, which means I can implement similar
functionality on this BSD box as we did on your machine, but without
the extra moving parts of fail2ban. [2] This technique doesn't involve
looking at log files for offending lines, but simply tracks how many
connections a host is making in what time period, and adds the host to a
block list above a threshold.

Luckily I haven't seen evil traffic in my logs yet... Probably only a
matter of time.


More information about the Friends mailing list