fail2ban or similar concept
mcn at freeradius.org
Fri Sep 2 03:31:22 UTC 2022
On 02/09/2022 04:20, Brantley Padgett via Freeradius-Users wrote:
> I guess what I mean is for example, just combing through the logs of the soon to be retired server and I see one IP in particular that has made failed auth requests 1.9mil times since Jun 2022. That IP is not one of ours and it just seems to me reckless to allow that to happen unchecked.
Which is why you run RADIUS servers on internal back-end networks that
are not publicly available.
Don't permit IPs that are not yours from having access to the RADIUS
server in the first place.
> I wanted to check if freeradius had some form of limiting/banning built in that I just didn't understand before trying to make something like fail2ban work.
No, because you don't expose your RADIUS server to the world.
But if you have logs identify IPs you want to block, that's exactly what
fail2ban is for - get it to add a firewall rule like you would do for
any other service. As Alan said, FreeRADIUS already ignores any unknown
clients anyway, so you'd just firewall out the noise.
More information about the Freeradius-Users