Hello. Does anyone know of any Linux firewall (free or not) or any similar program that can do automatic (say, if there are too many connections from an IP) temporary IP bans for a certain amount of time (like 1 hour)? The reason I can't have permanent bans and just use any firewall is that for some reason my friends end up on the list even though they didn't abuse anything. Thanks.
Snort. And here is some other software. APF can also auto-ban (APF is better for your situation; Snort needs a lot of experience and rules). But the question is, what are you trying to fix? If you are going to ban them because of SYN attacks, without Snort you can't handle them. Apache will keep heavy load, etc.
The problem with this kind of IP ban is that you can end up blocking legitimate traffic as well, so you have to be careful. We use an iptables firewall in a Linux environment and had the same problem you have; what we did was configure an alert for such situations and block manually. If you are using Apache, check the mod_evasive module, which covers some of what you require.
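For reference, a mod_evasive configuration matching the original request (a one-hour temporary block with trusted addresses exempted), added here as an example and not part of any poster's message. The thresholds and the whitelisted addresses are constructed values (documentation ranges) to be tuned per site, and the directives assume the module is already loaded.

```apache
# Added example: mod_evasive temporary blocking with an allowlist.
# All numeric thresholds below are illustrative assumptions.

# Size of the per-child hash table used to track clients.
DOSHashTableSize    3097

# Block a client that requests the same URI more than 10 times
# within a 1-second interval.
DOSPageCount        10
DOSPageInterval     1

# Block a client that makes more than 100 requests to the whole
# site (per listener) within a 1-second interval.
DOSSiteCount        100
DOSSiteInterval     1

# Temporary block: 3600 seconds (1 hour). Blocked clients receive
# HTTP 403, and every request made while blocked resets the timer,
# so the block expires one hour after the client goes quiet.
DOSBlockingPeriod   3600

# Known-good clients that must never be blocked (constructed
# placeholder addresses). Wildcards are allowed in trailing octets.
DOSWhitelist        203.0.113.25
DOSWhitelist        198.51.100.*

# Directory for the module's per-IP lock files; it must exist and
# be writable by the Apache user (the path is an assumption).
DOSLogDir           /var/log/mod_evasive
```

The block is enforced inside Apache as a 403 response rather than at the packet filter, so it covers HTTP request floods only.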
Thank you for the info. I will look into snort, but otherwise, I'll probably just have to set up a more elaborate alerting system and do things manually. That's such a pain in the butt, but if that's all that can be done, then oh well.