An ultralight firewall configurator that naïvely bans stupid SSH clients
amalgam is my answer to Fail2Ban. I make no claims about whether or not amalgam is better—in fact, I’ll readily say it’s certainly not. But amalgam is something similar to what I have always wanted for a firewall. amalgam aims to be
amalgam instances
The prototype script, amalgam.bash (which is symlinked by the file called amalgam at the tree root) should be run with sudo on a system with rg (ripgrep), and the iptables and ipset userspace utilities, and on a system that has authentication logs available in the sshd journald unit (more on this below).
Use this script as follows:
$ sudo ./amalgam
That’s it.
Starting in late 2019, I’m working on a Rust version of amalgam to actually satisfy the stated goals of this project. Using serde_json and lots of Rusty tricks, amalgam hopes to eventually move forward as a standalone utility.
Eventually, the usage will look more like this:
$ journalctl -u sshd -o json | amalgam -i- --input-format journalctl-json -c config.yml
This is, of course, a work in progress until this new syntax has been
established.
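The pipeline above (sshd entries from journalctl as JSON, reduced to addresses for ipset) can be sketched as follows; this is an added example in Python, not amalgam's own code or the author's method. The failure threshold, the allow list, the set name amalgam-demo and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import json
import re
from collections import Counter

# sshd failure lines; the greedy ".*" binds the address to the LAST "from ... port ..."
# so text inside a client-chosen username cannot redirect the ban to another address.
FAILURE = re.compile(r"(?:Failed password for|Invalid user) .* from (\S+) port \d+(?: ssh2)?")

def offenders(lines, threshold=3, allow=()):
    """Return sorted addresses with at least `threshold` failed-auth messages."""
    nets = [ipaddress.ip_network(n) for n in allow]
    counts = Counter()
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON lines
        msg = entry.get("MESSAGE") if isinstance(entry, dict) else None
        if not isinstance(msg, str):
            continue  # journald emits non-UTF-8 messages as byte arrays
        m = FAILURE.fullmatch(msg)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # never hand an unparsed token to ipset
        if not any(ip in net for net in nets):
            counts[ip] += 1
    return sorted(str(ip) for ip, n in counts.items() if n >= threshold)

def ipset_commands(ips, set_name="amalgam-demo"):
    """Render commands for review; the set (assumed name) must already exist."""
    return [f"ipset -exist add {set_name} {ip}" for ip in ips]

# Constructed sample input, one JSON object per line as `journalctl -o json` prints.
MESSAGES = [
    "Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2",
    "Invalid user oracle from 203.0.113.7 port 40118",
    "Failed password for root from 203.0.113.7 port 40120 ssh2",
    "Invalid user x from 198.51.100.4 port 1 from 203.0.113.7 port 40130",
    "Accepted publickey for alice from 198.51.100.4 port 52200 ssh2",
    "Failed password for alice from 198.51.100.4 port 52210 ssh2",
    [70, 97, 105, 108],
]
SAMPLE = [json.dumps({"_SYSTEMD_UNIT": "sshd.service", "MESSAGE": m}) for m in MESSAGES] + ["not json"]

if __name__ == "__main__":
    print("\n".join(ipset_commands(offenders(SAMPLE))))
```

Passing your own management networks in allow keeps a mistyped password from locking you out of the host.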