Hello world !!!
I would like to improve my firewall scripts to keep the address list a bit shorter:
Currently I have four lists to create a blacklist for ssh:
ssh_stage1/2/3 and ssh_blacklist.
If an ssh connection is established and there is no entry yet, the address is put in stage1; otherwise it is put into the
next higher list. It works so far.
Now I would like to remove the address from the lower list when an address is added, to avoid multiple entries for
the same IP.
The best way would be in the firewall rule, but I did not find a setting there.
Another possibility would be a script running every minute scanning the address lists for every IP and keeping only
the entry in the highest one.
I just cannot get this to work.
Maybe someone has a hint for me.
The problem is: I have 800 - 1000 tries per hour to log in via ssh. The address lists are getting quite big and I want to shorten
them a bit.
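
The cleanup pass described in the post (scan the four lists and keep each address only in its highest one), as an added example that is not part of the original post. The `(entry_id, list_name, address)` tuple format, the extra `allow_mgmt` list and the sample addresses are assumptions; the four SSH list names are the ones from the post.

```python
import ipaddress

# List names from the post, ordered from lowest to highest stage.
STAGES = ["ssh_stage1", "ssh_stage2", "ssh_stage3", "ssh_blacklist"]
RANK = {name: rank for rank, name in enumerate(STAGES)}


def stale_entries(entries):
    """Return ids of entries to delete so each IP stays only in its highest list.

    entries: iterable of (entry_id, list_name, address) tuples, standing in for
    a dump of the firewall address lists (hypothetical format). Lists other
    than the four SSH stages are left alone.
    """
    best = {}   # normalised address -> (rank, entry_id) of the entry to keep
    stale = []
    for entry_id, list_name, address in entries:
        if list_name not in RANK:
            continue  # never touch unrelated lists
        key = ipaddress.ip_address(address)  # normalise, reject malformed input
        rank = RANK[list_name]
        kept = best.get(key)
        if kept is None:
            best[key] = (rank, entry_id)
        elif rank > kept[0]:
            stale.append(kept[1])           # the earlier, lower entry goes
            best[key] = (rank, entry_id)
        else:
            stale.append(entry_id)          # lower stage, or duplicate in same list
    return sorted(stale)


# Constructed sample data (documentation address ranges).
SAMPLE = [
    (1, "ssh_stage1", "192.0.2.10"),
    (2, "ssh_stage2", "192.0.2.10"),
    (3, "ssh_stage1", "198.51.100.7"),
    (4, "ssh_blacklist", "192.0.2.10"),
    (5, "ssh_stage3", "203.0.113.5"),
    (6, "ssh_stage2", "203.0.113.5"),
    (7, "allow_mgmt", "192.0.2.10"),
]

if __name__ == "__main__":
    print(stale_entries(SAMPLE))
```
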