Hello,
I’m using OpenSearch 2.13.0 at the moment. I’m trying to find a way to block IP…
Since OpenSearch doesn’t have an “IP Filter” feature like Elasticsearch, I was thinking about using the OS to do that.
Is there any way we can do that? Like TCP Wrappers or iptables?
Has anyone tried this yet?
Thanks in advance
You can use fail2ban on Linux.
apt install fail2ban
You can manually ban IP addresses with fail2ban-client, or have it automatically ban after X number of failed login attempts.
For the latter, you will have to create a filter config file to tell it where to look for the logs and how to recognize failed login attempts (something like “Authentication finally failed for [username] from [ip address]”), and possibly a jail config file to tell it how to ban the IP addresses.
Fail2ban also works great for blocking SSH password brute-force attempts.
1 Like
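
An added example (not part of the original posts, and not configuration shipped by fail2ban or OpenSearch) of the filter and jail files the reply describes. The file names, log path, port and thresholds are assumptions, as is the log line ending with the client address, optionally followed by ":port".

```ini
# ---- /etc/fail2ban/filter.d/opensearch-auth.conf (hypothetical file name) ----
[Definition]
# Matches the message quoted in the reply above:
#   Authentication finally failed for <username> from <address>
# The username is client-supplied, so the pattern is anchored to the end of
# the line: the greedy ".*" then consumes any "from 203.0.113.9" an attacker
# places inside the username, and <HOST> captures only the final address.
failregex = Authentication finally failed for .* from <HOST>(?::\d+)?\s*$
ignoreregex =

# ---- /etc/fail2ban/jail.d/opensearch-auth.conf (hypothetical file name) ----
[opensearch-auth]
enabled  = true
# Name of the filter file above, without the .conf suffix
filter   = opensearch-auth
# Assumption: adjust to where your OpenSearch node writes its server log
logpath  = /var/log/opensearch/*.log
# Assumption: default OpenSearch HTTP port; only listed ports are blocked
port     = 9200
protocol = tcp
# Ban after 5 failures within 600 seconds, for 3600 seconds
maxretry = 5
findtime = 600
bantime  = 3600
# Never ban the monitoring host or other cluster nodes (constructed addresses)
ignoreip = 127.0.0.1/8 ::1 192.0.2.10
```

If OpenSearch sits behind a reverse proxy or load balancer, the logged address may be the proxy's own, and banning it would cut off every client. fail2ban-regex can check the filter against a real log file before the jail is enabled.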