Quote:
NR2: Is modification of the pf ruleset, to implement something like fail2ban, the way forward to free up system resources?
"Fail early". Yes, it should. PF blocking IP addresses inside a PF table structure is quite efficient. Unfortunately I don't know which script can retrieve IPs from PHP logs and update the table.
I have seen some people in the GNU/Linux community do something similar using a pure iptables/ipset solution (ipset is something similar to PF's tables) without fail2ban. In the firewall ruleset they add IPs that connect too many times per minute to a blocklist.
PS.
Remember to whitelist your IP address.
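
An added example, not part of the original post: a minimal sketch of the log-to-table step discussed above, which counts failed logins per address, skips whitelisted networks, and builds the `pfctl` call that adds offenders to a PF table. The log format, the table name `bruteforce`, the thresholds and the whitelist range are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Assumed (constructed) log format: "<epoch-seconds> <client-ip> <event>"
LINE_RE = re.compile(r"^(\d+) (\S+) (LOGIN_FAILED|LOGIN_OK)$")
WHITELIST = [ipaddress.ip_network("203.0.113.0/24")]  # placeholder for your own addresses
PF_TABLE = "bruteforce"  # hypothetical table; pf.conf would need:
#   table <bruteforce> persist
#   block in quick from <bruteforce>    (placed early in the ruleset)

def offenders(lines, max_fails=3, window=60, whitelist=WHITELIST):
    """Return IPs with more than max_fails failures inside `window` seconds.
    Assumes each IP's lines appear in chronological order."""
    recent = defaultdict(deque)
    bad = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != "LOGIN_FAILED":
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # log text that is not an IP never reaches pfctl
        if any(ip in net for net in whitelist):
            continue  # never block whitelisted addresses
        ts = int(m.group(1))
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) > max_fails:
            bad.add(str(ip))
    return sorted(bad)

def pfctl_argv(ips, table=PF_TABLE):
    """Build the pfctl argument list that adds the addresses to the table."""
    return ["pfctl", "-t", table, "-T", "add", *ips]

# Constructed sample: a fast offender, a whitelisted host, a slow client, a bogus field.
SAMPLE_LOG = [f"{1700000000 + 5 * i} {ip} LOGIN_FAILED"
              for ip in ("198.51.100.7", "203.0.113.9") for i in range(4)]
SAMPLE_LOG += ["1700000000 192.0.2.44 LOGIN_FAILED",
               "1700000100 192.0.2.44 LOGIN_FAILED",
               "1700000030 not-an-ip;reboot LOGIN_FAILED"]

if __name__ == "__main__":
    ips = offenders(SAMPLE_LOG)
    if ips:
        print(" ".join(pfctl_argv(ips)))  # dry run; hand the list to subprocess.run as root to apply
```

Parsing every address with `ipaddress` before it is placed on the `pfctl` command line keeps attacker-controlled log text out of the firewall command.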