I’ve been writing some cross-platform Software for Linux administration, mainly for firewall rules and log threat mitigation. You can do some automated threat mitigation, but for mail servers (as an example) there are a lot of things you can’t automate – this was the main reason I wrote this Software.

If you think about mail server whitelisting + greylisting a lot of valid services have blacklisted / blocked IP’s (Google, Mailchimp, Social Networks etc). So you can’t really set an automated service to ban IP’s or ranges just based on them being blacklisted. There are still a lot of things administrators need to do, which is why I stated before: it is important for administrators to check logs daily (if possible) for log threat mitigation. You need to check what networks the blocked IP’s are from before blocking them in firewall rules (if you intend to do so – personally I do). As I stated before – if I know a certain server or customer is not going to receive email from a certain Country I can block email server access from those countries. You can achieve web + mail separation by using a reverse-proxy – or you can set firewall rules through Fail2Ban for a specific service.

The Software has automated log checking and can automate scripts for server real-time mitigation (for other ports / services) – but was predominantly wrote for administrators to use at their desk – not live on the server. I have added database functionality where admins can import blocked ranges or ip’s from a text list to an sqlite3 or sql database. You can also create a ruleset for iptables from a list of ranges or IP’s on your local computer then upload the file to a server – every ip and range are verified during creation – so if you accidentally typed an invalid IP the firewall won’t kick you out when the rules go live! This way of importing a large number of ranges reduces server memory usage – over importing every line through the server. Although the software has options to create specific iptables command lines for single IP’s and Range’s (including specific fail2ban options) too. More info to come soon.