Banning Repeat With Fail2ban
If you want to prevent brute-force attacks on the SSH service, Fail2Ban is a good choice. If you also want to ban attackers who have repeatedly been banned by Fail2Ban, luckily we can easily set up a "repeat" service that bans them permanently.
[repeat]
enabled = true
filter = repeat
logpath = /var/log/fail2ban.log
bantime = 31536000 ; 1 year
findtime = 31536000 ; 1 year
maxretry = 3
[INCLUDES]
before = common.conf

[Definition]
_daemon = fail2ban\.actions\s*
_jailname = repeat
failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
ignoreregex =

[Init]
journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5
actionban = if ! <iptables> -C f2b-<name> -s <ip> -j DROP; then <iptables> -I f2b-<name> 1 -s <ip> -j DROP; fi
            if ! grep -Fxq '<ip>,<name>' /etc/fail2ban/ip.blacklist; then echo '<ip>,<name>' >> /etc/fail2ban/ip.blacklist; fi
actionunban = # Do nothing because their IP is in the blocklist file

[Init]
After successfully creating these files, just restart the Fail2Ban service and that is all.
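To check what the "repeat" filter will count before relying on it, the following added example (not part of the original post and not Fail2Ban's own code) replays the filter's logic over sample log lines: it matches "Ban" notices from every jail except "repeat" itself and flags an IP once it reaches maxretry within findtime. It assumes a simplified regex covering only the second alternative of the failregex, an IPv4-only stand-in for `<HOST>`, and constructed log lines.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

JAILNAME = "repeat"                      # _jailname from the filter
MAXRETRY = 3                             # maxretry from the jail
FINDTIME = timedelta(seconds=31536000)   # findtime from the jail (1 year)

# Fail2Ban strips the timestamp before applying failregex; this does the same.
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3}")
# Assumption: simplified expansion of the filter's failregex (second alternative
# only), with <HOST> replaced by a plain IPv4 pattern.
FAILREGEX = re.compile(
    r"^ fail2ban\.actions\s*(?:\[\d+\])?:\s+NOTICE\s+"
    r"\[(?!%s\])(?:.*)\]\s+Ban\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3})\s*$"
    % re.escape(JAILNAME)
)

# Constructed sample of /var/log/fail2ban.log (documentation IP ranges).
SAMPLE_LOG = """\
2024-03-01 08:00:01,101 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-03-01 08:10:01,101 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.7
2024-03-02 09:00:00,000 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.9
2024-03-05 11:30:44,512 fail2ban.actions        [812]: NOTICE  [nginx-http-auth] Ban 203.0.113.7
2024-03-09 23:15:10,007 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-03-09 23:15:11,200 fail2ban.actions        [812]: NOTICE  [repeat] Ban 203.0.113.7
2024-03-10 01:00:00,000 fail2ban.filter         [812]: INFO    [sshd] Found 198.51.100.9
"""

def parse_bans(log_text):
    """Return (timestamp, ip) for every line the repeat filter would count."""
    bans = []
    for line in log_text.splitlines():
        stamp = STAMP.match(line)
        match = FAILREGEX.match(line[stamp.end():]) if stamp else None
        if match:
            when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
            bans.append((when, match.group("host")))
    return bans

def repeat_offenders(log_text):
    """Return IPs that reach MAXRETRY counted bans within FINDTIME."""
    seen, flagged = defaultdict(list), []
    for when, host in parse_bans(log_text):
        seen[host] = [t for t in seen[host] if when - t <= FINDTIME] + [when]
        if len(seen[host]) >= MAXRETRY and host not in flagged:
            flagged.append(host)
    return flagged

if __name__ == "__main__":
    print(repeat_offenders(SAMPLE_LOG))
```

The negative lookahead `(?!repeat\])` is what keeps the jail from counting its own "[repeat] Ban" lines, so a permanent ban does not feed back into the counter.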