Dynamically ban ip after failed login

Hello,

I need some help with network/firewall settings in Solaris 11.3.

What I want to achieve is that if someone tries to log in to my server and fails I want that IP to be banned for some time.

So if a computer/user tries to log in to my ssh-server on a specified port (normally 22) and has, for example, 3 failed attempts in 5 minutes, the IP should be blocked for a set time, let's say 10 minutes, and then be opened again if no further login attempts are made.

This seems to be fairly easy to do with iptables and two rows of code, and is something my 8+ year old 4-bay nas is able to do via GUI, but in Solaris I cannot find a clear answer to how to achieve this.

I would like to apply this to more services than just ssh, and for ssh I have tried to use the option MaxAuthTries which I haven't seen any effect of at all.

The closest I have seen in Solaris is to use IPfilter (IP Filter Configuration File Examples - Securing the Network in Oracle Solaris 11.1), but as far as I can see it is just used to statically open or close ports to certain preset addresses.

I found an article at Creating a fairly secure public SSH daemon | Rants about the Solaris OS which seems to do almost what I want, but it looks a little clumsy compared to iptables and it does not dynamically "release" an IP after the set time unless you run the script manually or via cron. And it seems to work with ssh due to the way ssh works and hence is not very flexible for other services on the server.

I cannot be the first one to wonder this, and I would be really surprised if Solaris, which claims to be a cloud OS, is not able to do this.
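The logic asked for above (count failures per source IP inside a sliding window, ban on the threshold, release automatically when the ban time lapses) is small enough to show end to end. The following is an added illustration written for this thread; it is not code from the original post, from DenyHosts, or from Solaris. It parses constructed sshd log lines in Solaris syslog style, tracks failures per IP, and emits the IPfilter `block in quick` rule text that would be loaded for a banned host and the list of hosts whose ban has expired. The interface name `net0`, the year used to complete the year-less syslog timestamps, and the sample log lines are all assumptions; the script only produces the rule strings and does not call `ipf`.

```python
"""Sliding-window failed-login tracker with timed bans.

Added illustration for the thread above; not code from the post,
DenyHosts or Solaris. The sshd log lines below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog-style prefix, then sshd's "Failed <method> for [invalid user] <user> from <ip>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r".*Failed \S+ for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

ASSUMED_YEAR = 2024  # syslog timestamps carry no year; this one is assumed


def parse_ts(ts_text):
    """Turn 'Mar 14 10:00:01' into a datetime using the assumed year."""
    return datetime.strptime(f"{ASSUMED_YEAR} {ts_text}", "%Y %b %d %H:%M:%S")


def parse_line(line):
    """Return (timestamp, source_ip) for a failed-login line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return parse_ts(m["ts"]), m["ip"]


class LoginBanTracker:
    """3 failures within 5 minutes -> ban for 10 minutes (defaults from the post)."""

    def __init__(self, threshold=3, window_min=5, ban_min=10, iface="net0"):
        self.threshold = threshold
        self.window = timedelta(minutes=window_min)
        self.ban_for = timedelta(minutes=ban_min)
        self.iface = iface                    # assumed interface name
        self.failures = defaultdict(deque)    # ip -> timestamps of recent failures
        self.banned = {}                      # ip -> time the ban expires

    def block_rule(self, ip):
        # IPfilter rule text for one host; "quick" stops further rule matching.
        return f"block in quick on {self.iface} from {ip}/32 to any"

    def observe(self, when, ip):
        """Record one failure; return the block rule if it trips the threshold."""
        if ip in self.banned:
            return None                       # already blocked, nothing to add
        recent = self.failures[ip]
        recent.append(when)
        while recent and when - recent[0] > self.window:
            recent.popleft()                  # drop failures older than the window
        if len(recent) >= self.threshold:
            self.banned[ip] = when + self.ban_for
            recent.clear()
            return self.block_rule(ip)
        return None

    def release_expired(self, now):
        """Return IPs whose ban has lapsed and forget them (their rule can be removed)."""
        released = [ip for ip, until in self.banned.items() if until <= now]
        for ip in released:
            del self.banned[ip]
        return released


# Constructed sample lines in Solaris syslog style (not real log data).
SAMPLE_LOG = [
    "Mar 14 10:00:01 solhost sshd[1201]: [ID 800047 auth.info] Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Mar 14 10:01:15 solhost sshd[1202]: [ID 800047 auth.info] Failed password for root from 203.0.113.7 port 51240 ssh2",
    "Mar 14 10:02:30 solhost sshd[1203]: [ID 800047 auth.info] Accepted publickey for alice from 198.51.100.9 port 40000 ssh2",
    "Mar 14 10:03:00 solhost sshd[1204]: [ID 800047 auth.info] Failed password for bob from 198.51.100.9 port 40001 ssh2",
    "Mar 14 10:04:45 solhost sshd[1205]: [ID 800047 auth.info] Failed password for root from 203.0.113.7 port 51250 ssh2",
    "Mar 14 10:12:00 solhost sshd[1206]: [ID 800047 auth.info] Failed password for bob from 198.51.100.9 port 40002 ssh2",
]


def process_log(lines, tracker=None):
    """Feed log lines through the tracker; return (tracker, rules to load)."""
    tracker = tracker or LoginBanTracker()
    rules = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                          # not a failed-login line
        when, ip = parsed
        rule = tracker.observe(when, ip)
        if rule:
            rules.append(rule)
    return tracker, rules


if __name__ == "__main__":
    t, added = process_log(SAMPLE_LOG)
    for r in added:
        print("load:", r)
    for ip in t.release_expired(parse_ts("Mar 14 10:15:00")):
        print("release:", t.block_rule(ip))
```

On the sample data only 203.0.113.7 is banned: its three failures fall inside one 5-minute window, while the two failures from 198.51.100.9 are nine minutes apart and the first one ages out before the second arrives. Calling `release_expired` at 10:14:45 or later returns the banned host, which is the hook a periodic job (or a long-running loop tailing the log) would use to remove the rule again, so release does not depend on anyone running a script by hand.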

I have been using a program called DenyHosts. It is a python script that is very configurable and will do exactly what you want.

http://denyhosts.sourceforge.net/

I will check out denyhosts.
But does this mean that this cannot be achieved with Solaris' own firewall system?