I came across the Shorewall/Shoreline firewall (actually, it was referred to me by somebody), and was wondering if anybody here used it and had any advice or recommendations? I currently use APF, and while it [seems] to work most of the time it will occasionally have some wonderful bug, like locking me out of the system for 2 or 3 minutes. Another benefit of using APF is how easily BFD integrates with it. Is there such a tool (brute force detection + blocking) for Shorewall?
I've been using shorewall for about 5 yrs now, and I like it a lot--I can deploy it on my local workstations and laptops all the way up to my colocated servers--shorewall can handle it all.
AFAIK shorewall does not have brute-force detection like BFD, but I personally find general scripts like BFD a little futile... I personally use fail2ban for banning IPs that fail too many login attempts.