24 Oct
2010
24 Oct
'10
4:18 p.m.
2010/10/24 Daniel-Constantin Mierla miconda@gmail.com:
Using fail2ban together with IP tables has the advantage of dropping the packets before getting to application and eating cpu
I have a testing platfotm with Kamailio and fail2ban working more or less as explained in this thread. But I wonder if fail2ban is a good idea as it works inspecting regular expressions in each line of the log. Is it good enough and feasible under high traffic? wouldn't fail2ban eat too much CPU by inspecting the log file? Just wondering.
Of course, the perfect solution would be Kamailio acting as fail2ban. This is, "pike" module inserting dynamic rules in iptables. Opinnions?
--
Iñaki Baz Castillo
ibc@aliax.net