I'm setting up ingress for my Kubernetes cluster and I've noticed there are a lot of blacklists out there for IP addresses known to be associated with attackers and spammers. Is there a service that can automatically pull these lists to block these IPs from accessing my ingresses? Additionally, can I use something like fail2ban to blacklist IPs, even though each pod is different?
3 Answers
If you're on AWS, you can use WAF with either API Gateway or Cloudfront in front of your ingress. They actually have some managed rule groups for known malicious IPs. However, if you want to block specific IPs, that's still a manual process. You might also want to check out this guide on using Amazon GuardDuty with AWS WAF for automatic blocking of suspicious hosts!
Yeah, Crowdsec does exactly what you need! It can automate the blacklisting of malicious IPs and offers integration that works well with Kubernetes.
Crowdsec is a great tool for what you're looking to achieve! It provides lists of malicious IPs and can help you block additional IPs, similar to what fail2ban does, using either managed or custom rules.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures