Nethsec8 DDClient

windmannIT · April 22, 2024, 6:46pm

Are there plans to be able to configure the DDClient via the normal interface (not LUCI)?

giacomo · April 23, 2024, 6:04am

For now we have no plans for it. It’s not trivial to write an easy UI for ddclient. But if we want to replicate Luci UI, it should be not so difficult.

Let’s see in the future.
Still, Iifanyone want to try implement it, pull requests are always welcome!

windmannIT · April 24, 2024, 9:01am

Thanks for the reply. Another quick question: Is fail2ban planned in the future?

pike · April 24, 2024, 9:08am

With Crowdsec as a business partner I don’t see fail2ban interesting for the dev team.
And I would like to say that’s a bad idea.
What exposed here

still stands

Edit: the bold part is inaccurate and it’s not true.
More on that here.

giacomo · April 24, 2024, 10:48am

I don’t know.
NethSecurity has few services running so maybe something more lean could be enough.
For now we are testing the banip built-in feature that scans the log and blocks the attacks.
This is not still exposed on the UI, because we need to test it thoroughly.
If you want you can enable it manually:

uci set banip.global.ban_logreadfile='/var/log/messages'
uci set banip.global.ban_logcount='3'
uci set banip.global.ban_autodetect='1'
uci commit banip
/etc/init.d/banip restart

You could test also a filter for OpenVPN with user/pass authentication:

uci add_list banip.global.ban_logterm='TLS Auth Error: Auth Username/Password verification failed for peer'
uci commit banip
/etc/init.d/banip restart

As Michael said, we are also experimenting with Crowdsec that connects a NS8 to a NethSecurity.

This is totally new to me: what business partnership are you talking about?

pike · April 24, 2024, 11:06am

That’s what I understood, that there was acting some business relationship as that were (still is?) with Collini Consulting for the content filtering.
Your words make me feel that these words

are inaccurate and do no represent the current status.

I edited the previous post for allowing the audience to not be mislead by my words.

giacomo · April 24, 2024, 3:21pm

Indeed we have a collaboration with Collini Consulting which is providing its own cloud DNS filter, available only with an extra fee (I really do not know the commercial details about it).