I have fail2ban set up to ban anyone who tries to connect via. ssh without my certificate.
I currently have a list of 1886 banned addresses (and counting), majority of which originate from China. China is not my target audience for my nginx web server, so I am able to block the entire country with geoip_country
, however I would also like to specifically deny access to http/https/git from those specifically on the ban list too.
I have these two configurations:
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = %(nginx_error_log)s
maxretry = 3
bantime = -1
and
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
findtime = 600
bantime = -1
Is there a way I can combine these two together? Ban anywhere, apply block anywhere?
I'm not quite sure how to do any tests, given if I ban myself I'd get locked out (static ip)?