Fail2Ban to LuCi

Hi!

How to install Fail2Ban to protect LuCi from brute force in LAN (!). Network is open, I know it is not good. I don’t want to set password. No I don’t need guest network.

Please, help me to install fail2ban to luci : )


{
	"kernel": "5.15.150",
	"hostname": "FUCKPUTIN",
	"system": "MediaTek MT7621 ver:1 eco:3",
	"model": "GL.iNet GL-MT1300",
	"board_name": "glinet,gl-mt1300",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.3",
		"revision": "r23809-234f1a2efa",
		"target": "ramips/mt7621",
		"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
	}
}

There's no firewall on the LAN side, it can't be blocked.

You'd better use other measures to secure it.

AFAIK, there's no f2b luci package.

Is there any rate limits to luci login? I need to rate limit it somehow

by default LAN is considered "safe", if you have issues with the clients connecting to it, perhaps you should reconfigure it to be a guest wifi instead ?
I assume the issue's with wireless clients ?

Yes.

Too complicated for this setup. I will have headaches to tell passwords. Now MAC allowlist used, but it can be easily bypassed if someone knows

you could try adding an extra password, in front of the logon screen - https://openwrt.org/docs/guide-user/services/webserver/uhttpd#basic_authentication_httpdconf
haven't tried it mysef though.

1 Like