I am searching for a firewall for my self hosted services. It should be conpatible with docker, podman and native running services. I should block clients with to many fauled authentication attempts. It should also support blocklists and be as easy to configure as possible (and foss ofc). I took a short look at fail2ban, but the github docs are just lacking so much information that I was looking for (like how to configure it). CrowdSec lookes not foss enough for me.

Any recommendations? Maybe some fail2ban guide?

  • anamethatisnt@sopuli.xyzEnglish
    10·
    1 day ago

    Your services would first of all need some sort of integration to report failed authentication attempts to your firewall or you wouldn’t have anything to act on to start the block. Sounds complicated edit: and also what fail2ban does by reading logs it seems.

    If I were you I would ponder if it wouldn’t be easier to just setup a headscale/wireguard/openvpn server and connect to your other services through that.

    My favourite home firewall right now would be opnsense

    • Zenlix@lemmy.mlOPEnglish
      1·
      1 day ago

      I fuess I can get that info from most services vy parsing their logs.

      When using a vpn server, only I could access the services right?

      Isnt opnsense only for bsd? I am running linux.

      • anamethatisnt@sopuli.xyzEnglish
        3·
        1 day ago

        Isnt opnsense only for bsd? I am running linux.
        opnsense is bsd based yes, you can either run it on it’s own hardware in front of your server or you can run it as a virtual machine and passthrough your hosts network ports to it for WAN/LAN.

      • anamethatisnt@sopuli.xyzEnglish
        1·
        1 day ago

        When using a vpn server, only I could access the services right?

        You can easily setup vpn users for friends/family but a random person on the internet won’t reach your services if you block access from WAN and forces everyone to go through the vpn server.