Subj : Re: Alternative(s) to ipset on OpenVZ To : Alexey Vissarionov From : Nelgin Date : Wed Dec 20 2017 19:30:49 On Tue, 19 Dec 2017 07:00:00 +0300, "Alexey Vissarionov" wrote: >Good ${greeting_time}, Joaquim! > >18 Dec 2017 21:40:18, you wrote to me: > > av>> Very dangerous thing... However, it makes some fun to > av>> use it against the admin^Widiot who installed it :-) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > JH> I'm curious ... why is fail2ban dangerous? > >Didn't you read the message before answering it? > >https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5642 >and some others discovered since that. Is it an accident that you omitted to say that there were only 3 CVE announcements since CVE-2012-5642 and those were over 4 years ago or are you just scaremongering? The only options you offer are to block CIDR (which can be done manully after fail2ban picks up some common CIDRS worth blocking) and rate limiting which fail2ban does by way of blocking anyway. .