fail2ban or similar concept

Matthew Newton mcn at
Fri Sep 2 03:31:22 UTC 2022

On 02/09/2022 04:20, Brantley Padgett via Freeradius-Users wrote:
> I guess what I mean is for example, just combing through the logs of the soon to be retired server and I see one IP in particular that has made failed auth requests 1.9mil times since Jun 2022. That IP is not one of ours and it just seems to me reckless to allow that to happen unchecked.

Which is why you run RADIUS servers on internal back-end networks that 
are not publicly available.

Don't permit IPs that are not yours from having access to the RADIUS 
server in the first place.

> I wanted to check if freeradius had some form of limiting/banning built in that I just didn't understand before trying to make something like fail2ban work.

No, because you don't expose your RADIUS server to the world.

But if you have logs identify IPs you want to block, that's exactly what 
fail2ban is for - get it to add a firewall rule like you would do for 
any other service. As Alan said, FreeRADIUS already ignores any unknown 
clients anyway, so you'd just firewall out the noise.


More information about the Freeradius-Users mailing list