Fail2ban: whitelist an FQDN and/or a CIDR

Following that page, it looks possible to whitelist a domain name instead of an IP.

However, NethServer’s UI (cockpit and server-manager) doesn’t accept an FQDN. Is it wanted?
That could really be useful to whitelist a dyndns address.

Also, I’d like to know if Fail2ban takes the Trusted networks into account. This can be useful for whitelisting the OpenVPN tunnelled traffic coming from a remote site.



Yes, it is wanted, at least when I first started the dev; now things could change. cc @giacomo @davidep

I never wanted to see a network that allows the whole internet here… It is against security.

Relative to the dynamic domain name, it could be a hole in the security.

The IP could be used by someone else and your dyn DNS has not been updated.
The dyn DNS could also be used by someone else.

You can never be sure; your IP is sure.


I back Stéphane’s opinion. Still, I will not raise any argument if we want to change it.

Mmmh. I see, but the update client needs a password to make changes… That password could be hacked or leaked but that’s the issue with all passwords…

A DNS hostname can be “poisoned” via external cache poisoning. IP address should presume something more difficult to achieve.

+1 on @stephdl’s opinion

