I have fail2ban set up to ban anyone who tries to connect via. ssh without my certificate.
I currently have a list of 1886 banned addresses (and counting), majority of which originate from China. China is not my target audience for my nginx web server, so I am able to block the entire country with
geoip_country, however I would also like to specifically deny access to http/https/git from those specifically on the ban list too.
I have these two configurations:
(nginx-http-auth) enabled = true filter = nginx-http-auth port = http,https logpath = %(nginx_error_log)s maxretry = 3 bantime = -1
(sshd) enabled = true port = ssh logpath = %(sshd_log)s backend = %(sshd_backend)s maxretry = 3 findtime = 600 bantime = -1
Is there a way I can combine these two together? Ban anywhere, apply block anywhere?
I’m not quite sure how to do any tests, given if I ban myself I’d get locked out (static ip)?